Analytical Tools and Programs

For more information about any of the following tools and programs, please contact

National Vulnerability Database (NVD)

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance.

Vulnerability Notes

Vulnerability Notes contain information about vulnerabilities and include summaries, technical details, remediation information, and lists of affected vendors.

Vulnerability Card Catalog

Authorized users can log into the Vulnerability Card Catalog to access information regarding emerging vulnerabilities reported to the CERT Coordination Center. To determine if you are eligible for obtaining access, please refer to the CERT Knowledgebase FAQ.

NCCIC Portal

The NCCIC Portal provides a secure, web-based, collaborative system to share sensitive, cyber-related information and news with participants in the public and private sector. Authorized users can visit the NCCIC Portal.

US-CERT Einstein Program

This program provides an automated process for collecting, correlating, analyzing, and sharing computer security information across the Federal Government to improve our nation's situational awareness.

Security Configuration Benchmarks and Scoring Tools

The Center for Internet Security (CIS) has security configuration benchmarks and scoring tools, many of which can be downloaded free of charge. Visit the Security Benchmarks website.

Build Security In

A website that includes software assurance and software security information to help developers, architects, and security practitioners create secure systems. Visit the Build Security In website.