Term:Vulnerability

From FISMApedia

CNSSI 4009

Vulnerability - Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited.

DoD 8580.02-R

Vulnerability - See Reference (g) for definition. DL1.53.

DoDD 8581.01

Vulnerability - Weakness in an IS, or cryptographic system, or components (e.g., system security procedures, hardware design, internal controls) that could be exploited (reference (h)). E2.1.42.

DoDI 8551.01

Vulnerability - A weakness in an information system, or cryptographic system, or components (e.g., system security procedures, hardware design, internal controls) that could be exploited (reference (f)). E2.1.23.

DSS Glossary

Vulnerability - Susceptibility of information to exploitation by an adversary.

GAO-09-232G

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

NIST FIPS 200

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Instruction 4009 Adapted]

NIST IR 7298

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. SOURCE: SP 800-53; FIPS 200; CNSSI-4009 Adapted

NIST IR 7328 Draft

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST IR 7511 Draft r1

Vulnerability - An error, flaw, or mistake in computer software that permits or causes an unintended behavior to occur. CVE is a common means of enumerating vulnerabilities.

NIST SP 800-114

Vulnerability - A security weakness in a computer.

NIST SP 800-115

Vulnerability - Weakness in an information system, or in system security procedures, internal controls, or implementation, that could be exploited or triggered by a threat source.

NIST SP 800-16

Vulnerability - a flaw or weakness that may allow harm to occur to an IT system or activity.

NIST SP 800-18r1

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST SP 800-26

Vulnerability - Vulnerability is a flaw or weakness that may allow harm to occur to an IT system or activity.

NIST SP 800-27rA

Vulnerability - A weakness in system security requirements, design, implementation, or operation, that could be accidentally triggered or intentionally exploited and result in a violation of the system's security policy.

NIST SP 800-28v2

Vulnerability - A flaw or weakness in a computer system, its security procedures, internal controls, or design and implementation, which could be exploited to violate the system security policy.

NIST SP 800-30

Vulnerability - A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy.

NIST SP 800-33

Vulnerability - A weakness in system security procedures, design, implementation, internal controls, etc., that could be accidentally triggered or intentionally exploited and result in a violation of the system's security policy.

NIST SP 800-37r1 Draft

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST SP 800-37

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST SP 800-39 Draft 2

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST SP 800-40

Vulnerability - A flaw in the design or configuration of software that has security implications. A variety of organizations maintain publicly accessible databases of vulnerabilities.

NIST SP 800-42

Vulnerability - A bug or misconfigurations or special sets of circumstances that could result in an exploitation of that vulnerability. For the purposes of this document, a vulnerability could be exploited directly by an attacker, or indirectly through automated attacks such as Distributed Denial of Service (DDOS) attacks or by computer viruses.

NIST SP 800-44v2

Vulnerability - A security exposure in an operating system or other system software or application software component. A variety of organizations maintain publicly accessible databases of vulnerabilities based on the version numbers of software. Each vulnerability can potentially compromise the system or network if exploited.

NIST SP 800-44

Vulnerability - A security exposure in an operating system or other system software or application software component. A variety of organizations maintain publicly accessible databases of vulnerabilities based on the version number of the software. Each vulnerability can potentially compromise the system or network if exploited.

NIST SP 800-45

Vulnerability - A security exposure in an operating system or other system software or application software component. A variety of organizations maintain publicly accessible databases of vulnerabilities based on the version numbers of software. Each vulnerability can potentially compromise the system or network if exploited.

NIST SP 800-47

Vulnerability - A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy.

NIST SP 800-53A

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST SP 800-53r1

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

NIST SP 800-53r2

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST SP 800-53r3

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSSI 4009]

NIST SP 800-60r1V1

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST SP 800-60r1V2

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [CNSS Inst. 4009, Adapted]

NIST SP 800-61r1

Vulnerability - A weakness in a system, application, or network that is subject to exploitation or misuse.

NIST SP 800-61

Vulnerability - A weakness in a system, application, or network that is subject to exploitation or misuse.

NIST SP 800-66

Vulnerability - A flaw or weakness in the design or implementation of an information system (including the security procedures and security controls associated with the system) that could be intentionally or unintentionally exploited to adversely affect an organization's operations or assets through a loss of confidentiality, integrity, or availability. [NIST SP 800-6637]

NIST SP 800-69

Vulnerability - A security weakness of a computer.

NIST SP 800-82 Final Draft

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [NIST SP 800-53 Revision 1, Recommended Security Controls for Federal Information Systems, July 2006.]

NSTISSI 1000

Vulnerability - Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited.