CPE 2.3 Specifications Released

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CPE 2.3 Specifications Released

Waltermire, David A.

Community Members,

 

I am pleased to announce the final release of four NIST Interagency Reports (NISTIRs) that define the specifications for Common Platform Enumeration (CPE) version 2.3. CPE, which is one of the fundamental components of the Security Content Automation Protocol (SCAP), provides a standardized way to identify and describe software and hardware devices present in an enterprise's computing asset inventory. Each of the four CPE 2.3 modules is defined in its own NISTIR:

·  NISTIR 7695, Common Platform Enumeration: Naming Specification Version 2.3 defines the CPE Naming specification, including the logical structure of well-formed CPE names and the procedures for binding and unbinding these names with machine-readable encodings. 

·  NISTIR 7696, Common Platform Enumeration: Name Matching Specification Version 2.3 provides the CPE Name Matching specification, which defines procedures for comparing CPE names to determine whether they refer to some or all of the same products or platforms.

·  NISTIR 7697, Common Platform Enumeration: Dictionary Specification Version 2.3defines the CPE Dictionary specification, including the semantics of its data model and the rules associated with CPE dictionary creation and management. 

·  NISTIR 7698, Common Platform Enumeration: Applicability Language Specification Version 2.3 provides the CPE Applicability Language specification, which allows construction of complex groupings of CPE names to describe IT platforms.

The CPE specifications and other resources can be found at:

 

http://scap.nist.gov/specifications/cpe/

 

Sincerely,

 

David Waltermire

SCAP Architect

National Institute of Standards and Technology

(301) 975-3390

[hidden email]

 

Reply | Threaded
Open this post in threaded view
|

Re: CPE 2.3 Specifications Released

Stav Raviv

Hello,

 

I understand that CPE 2.3 specifications were already approved.

 

When is the CPE official dictionary (the actual content) expected to be released?

If you are currently working on a draft version of it, is it possible to receive a copy of such a draft?

We are currently working on integrating CPE deeper into our product, and would like to take the 2.3 specifications into account.

 

Also- do you know when the CPE terms in NVD’s vulnerabilities would be updated to 2.3?

 

Thanks in advance,

 

Stav Kaufman

Content Team

(T)  +972-9-9545922

[hidden email]

 

    

 

Learn More about Skybox Solutions and Technology: www.skyboxsecurity.com

 

 

 

From: Waltermire, David A. [mailto:[hidden email]]
Sent: Thursday, September 01, 2011 11:33 PM
To: [hidden email]
Subject: [CPE-DISCUSSION-LIST] CPE 2.3 Specifications Released

 

Community Members,

 

I am pleased to announce the final release of four NIST Interagency Reports (NISTIRs) that define the specifications for Common Platform Enumeration (CPE) version 2.3. CPE, which is one of the fundamental components of the Security Content Automation Protocol (SCAP), provides a standardized way to identify and describe software and hardware devices present in an enterprise's computing asset inventory. Each of the four CPE 2.3 modules is defined in its own NISTIR:

·  NISTIR 7695, Common Platform Enumeration: Naming Specification Version 2.3 defines the CPE Naming specification, including the logical structure of well-formed CPE names and the procedures for binding and unbinding these names with machine-readable encodings. 

·  NISTIR 7696, Common Platform Enumeration: Name Matching Specification Version 2.3 provides the CPE Name Matching specification, which defines procedures for comparing CPE names to determine whether they refer to some or all of the same products or platforms.

·  NISTIR 7697, Common Platform Enumeration: Dictionary Specification Version 2.3defines the CPE Dictionary specification, including the semantics of its data model and the rules associated with CPE dictionary creation and management. 

·  NISTIR 7698, Common Platform Enumeration: Applicability Language Specification Version 2.3 provides the CPE Applicability Language specification, which allows construction of complex groupings of CPE names to describe IT platforms.

The CPE specifications and other resources can be found at:

 

http://scap.nist.gov/specifications/cpe/

 

Sincerely,

 

David Waltermire

SCAP Architect

National Institute of Standards and Technology

(301) 975-3390

[hidden email]

 


______________________________________________________________________
Scanned for viruses by Security Server ML @ Skybox Security.

Reply | Threaded
Open this post in threaded view
|

Re: CPE 2.3 Specifications Released

McCormick, Christopher [USA]

NIST is in the process of creating a sample 2.3 version of the CPE dictionary and will provide the draft once finalized.  The sample 2.3 dictionary should be dispersed within the next two weeks either by sending the file to the list and/or providing a temporary link to retrieve.  A follow-up email will be sent to the discussion list when the sample is ready for dispersal.

NIST intends to begin production of a 2.3 version of the CPE Dictionary by or before March 2012.  Any change to the Vulnerability Data feed will happen only after a new model has been published, likely late in 2012.

Thank you,

Chris

Christopher McCormick
National Vulnerability Database
nvd.nist.gov


 

From: Stav Raviv [[hidden email]]
Sent: Wednesday, December 07, 2011 8:59 AM
To: [hidden email]
Subject: Re: [CPE-DISCUSSION-LIST] CPE 2.3 Specifications Released

Hello,

 

I understand that CPE 2.3 specifications were already approved.

 

When is the CPE official dictionary (the actual content) expected to be released?

If you are currently working on a draft version of it, is it possible to receive a copy of such a draft?

We are currently working on integrating CPE deeper into our product, and would like to take the 2.3 specifications into account.

 

Also- do you know when the CPE terms in NVD’s vulnerabilities would be updated to 2.3?

 

Thanks in advance,

 

Stav Kaufman

Content Team

(T)  +972-9-9545922

[hidden email]

 

    

 

Learn More about Skybox Solutions and Technology: www.skyboxsecurity.com

 

 

 

From: Waltermire, David A. [mailto:[hidden email]]
Sent: Thursday, September 01, 2011 11:33 PM
To: [hidden email]
Subject: [CPE-DISCUSSION-LIST] CPE 2.3 Specifications Released

 

Community Members,

 

I am pleased to announce the final release of four NIST Interagency Reports (NISTIRs) that define the specifications for Common Platform Enumeration (CPE) version 2.3. CPE, which is one of the fundamental components of the Security Content Automation Protocol (SCAP), provides a standardized way to identify and describe software and hardware devices present in an enterprise's computing asset inventory. Each of the four CPE 2.3 modules is defined in its own NISTIR:

·  NISTIR 7695, Common Platform Enumeration: Naming Specification Version 2.3 defines the CPE Naming specification, including the logical structure of well-formed CPE names and the procedures for binding and unbinding these names with machine-readable encodings. 

·  NISTIR 7696, Common Platform Enumeration: Name Matching Specification Version 2.3 provides the CPE Name Matching specification, which defines procedures for comparing CPE names to determine whether they refer to some or all of the same products or platforms.

·  NISTIR 7697, Common Platform Enumeration: Dictionary Specification Version 2.3defines the CPE Dictionary specification, including the semantics of its data model and the rules associated with CPE dictionary creation and management. 

·  NISTIR 7698, Common Platform Enumeration: Applicability Language Specification Version 2.3 provides the CPE Applicability Language specification, which allows construction of complex groupings of CPE names to describe IT platforms.

The CPE specifications and other resources can be found at:

 

http://scap.nist.gov/specifications/cpe/

 

Sincerely,

 

David Waltermire

SCAP Architect

National Institute of Standards and Technology

(301) 975-3390

[hidden email]

 


______________________________________________________________________
Scanned for viruses by Security Server ML @ Skybox Security.