NIST NVD

NIST NVD Transforms for Maltego 

Founded in 1901, National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce.  The National Vulnerability Database (NVD) is a product of the NIST Computer Security Division, Information Technology Laboratory.  

NVD is the U.S. government repository of standards-based vulnerability management data. The data is represented using the Security Content Automation Protocol (SCAP) and enables automation of vulnerability management, security measurement, and compliance.  

The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics. 

The NVD performs analysis on CVEs that have been published to the CVE Dictionary. The NVD team analyzes CVEs by aggregating data points from the description, references supplied and any supplemental data that can be found publicly at the time. This analysis results in association impact metrics (Common Vulnerability Scoring System - CVSS), vulnerability types (Common Weakness Enumeration - CWE), and applicability statements (Common Platform Enumeration - CPE), as well as other pertinent metadata. The NVD does not actively perform vulnerability testing, relying on vendors, third party security researchers, and vulnerability coordinators to provide information that is then used to assign these attributes.   

NIST NVD’s integration with Maltego provides investigators access to the database and helps them to discover context and insights around CVEs, CPEs and CWEs, all directly within Maltego.

Disclaimer: This product uses the NVD API but is not endorsed or certified by the NVD.