CVSS (Common Vulnerability Scoring System) is a scoring system that provides an open framework for determining the impact of information technology vulnerabilities and a format for communicating vulnerability characteristics. The CVSS standard is maintained by FIRST.
SCAP 1.0 and 1.2 policies are compliant with CVSS Version 2.0. Tell me moreTell me more
Specification: http://csrc.nist.gov/publications/nistir/ir7435/NISTIR-7435.pdf
CVSS Base Scores: http://nvd.nist.gov/
FIRST: http://www.first.org/cvss/
User Guide: "A Complete Guide to the Common Vulnerability Scoring System Version 2.0" at http://www.first.org/cvss/v2/guide
CVSS information is displayed in the SCAP compliance reports.