Certified Information Systems Security Professional (CISSP) — Question 11

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?

Answer options

• A. Common Vulnerabilities and Exposures (CVE)
• B. Center for Internet Security (CIS)
• C. Common Vulnerability Scoring System (CVSS)
• D. Open Web Application Security Project (OWASP)

Correct answer: C

Explanation

The Common Vulnerability Scoring System (CVSS) provides a standardized method for rating the severity of vulnerabilities, which is essential for the National Vulnerability Database (NVD). The other options, while related to vulnerabilities, do not offer a scoring framework like CVSS does, making them less relevant in this context.