2 options
The common configuration scoring system (CCSS) : metrics for software security configuration vulnerabilities (draft) / Karen Scarfone, Peter Mell.
Connect to full text Available online
View online- Format:
- Book
- Government document
- Author/Creator:
- Scarfone, Karen
- Series:
- NISTIR ; 7502.
- NIST special publication. Computer security
- NIST interagency report ; 7502. Computer security
- Language:
- English
- Subjects (All):
- Software configuration management.
- Computer security--Standards--Government policy--United States.
- Computer security.
- United States.
- Physical Description:
- 1 online resource (v, 36 pages)
- Edition:
- 2nd public draft.
- Other Title:
- CCSS
- Metrics for software security configuration vulnerabilities (draft)
- Place of Publication:
- Gaithersburg, MD : U.S. Dept. of Commerce, National Institute of Standards and Technology, [2009]
- Summary:
- The Common Configuration Scoring System (CCSS) is a set of measures of the severity of software security configuration issues. CCSS is derived from CVSS, which was developed to measure the severity of vulnerabilities due to software flaws. CCSS can assist organization issues should be addressed and can provide data to be used in quantitative assessments of the overall security posture of a system. This report defines proposed measures for CCSS and equations to be used to combine the measures into severity scores for each configuration issue. The report also provides several examples of how CCSS measures and scores would be determined for a diverse set of security configuration issues.
- Notes:
- Title from title screen (viewed on June 18, 2009).
- "June 2009."
- Includes bibliographical references.
- OCLC:
- 406506728
- Publisher Number:
- GOVPUB-C13-f7d5dca526cce6157bfd1c6e4bf030c7
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.