National Vulnerability Database

Security automation reference data is currently housed within the National Vulnerability Database (NVD). The NVD is the U.S. Government repository of security automation data based on security automation specifications. This data provides a standards-based foundation for the automation of software asset, vulnerability, and security configuration management; security measurement; and compliance activities. This data supports security automation efforts based on the Security Content Automation Protocols (SCAP). The NVD includes databases of security configuration checklists for the NCP, listings of publicly known software flaws, product names, and impact metrics. A formal validation program tests the ability of vendor products to use some forms of security automation data based on a product's conformance in support of specific enterprise capabilities.

安全自动化参考数据目前存储于国家漏洞数据库（NVD）中。NVD是美国政府基于安全自动化规范的用于安全自动化数据存储的官方库。该数据提供了基于标准的软件资产、漏洞和安全配置管理的自动化、安全测量以及合规性活动的基石。这些数据支持基于安全内容自动化协议（SCAP）的安全自动化努力。NVD包括针对NCP的安全配置清单数据库、已知公开软件缺陷列表、产品名称以及影响指标。一项正式的验证计划旨在测试供应商产品使用某些形式的安全自动化数据的能力，该能力基于产品对特定企业能力的支持性符合度。