Vulnerability

Get Certified Get Ahead

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. 

See the following under Vulnerability for more information: 
NIST SP 800-37 Rev. 1
FIPS 200
NIST SP 800-128
NIST SP 800-137
NIST SP 800-161
NIST SP 800-18 Rev. 1
NIST SP 800-53 Rev. 4
NIST SP 800-53A Rev. 4
NIST SP 800-60 Vol. 1 Rev. 1
NIST SP 800-60 Vol. 2 Rev. 1
NIST SP 800-82 Rev. 2
NISTIR 7621 Rev. 1
NISTIR 7622 (NIST SP 800-115, NIST SP 800-37, NIST SP 800-53A, NIST SP 800-60, NIST SP 800-53)
CNSSI 4009-2015 (NIST SP 800-30 Rev. 1)
NIST SP 800-12 Rev. 1 (NIST SP 800-30 Rev. 1)
NIST SP 800-30 Rev. 1
NIST SP 800-39
 
A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy. 

See NIST SP 800-47 and NIST SP 800-28 Version 2 under Vulnerability.
 
A security exposure in an operating system or other system software or application software component. A variety of organizations maintain publicly accessible databases of vulnerabilities based on the version numbers of software. Each vulnerability can potentially compromise the system or network if exploited. 

See the following under Vulnerability for more information: 
NIST SP 800-44 Version 2
NIST SP 800-45 Version 2
 
A weakness in system security procedures, design, implementation, internal controls, etc., that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy. 

See NIST SP 800-33 for more information.
 
A flaw or weakness that may allow harm to occur to an IT system or activity. 

See NIST SP 800-16 under Vulnerability for more information. 
 
A bug, flaw, weakness, or exposure of an application, system, device, or service that could lead to a failure of confidentiality, integrity, or availability. 

See NISTIR 7435 under Vulnerability for more information.  
 
An error, flaw, or mistake in computer software that permits or causes an unintended behavior to occur. CVE is a common means of enumerating vulnerabilities. 

See NISTIR 7511 Rev. 4 under Vulnerability for more information.
