CVSS (Common Vulnerability Scoring System) is a scoring system that provides an open framework for determining the impact of information technology vulnerabilities and a format for communicating vulnerability characteristics. The CVSS standard is maintained by FIRST.

SCAP 1.0 and 1.2 policies are compliant with CVSS Version 2.0. Tell me moreTell me more


CVSS Base Scores:


User Guide: "A Complete Guide to the Common Vulnerability Scoring System Version 2.0" at

CVSS information is displayed in the SCAP compliance reports.

See Statement of CVSS Implementation