Skip to main content

CVE Common Vulnerabilities and Exposures
CVSS Common Vulnerability Scoring System
OVAL Open Vulnerability and Assessment Language
OCIL Open Checklist Interactive Language
XCCDF eXtensible Configuration Checklist Description Format
CPE Common Platform Enumeration
CCE Common Configuration Enumeration
ARF Assessment Result Format
CWE Common Weakness Enumeration
CWSS Common Weakness Scoring System
CEE Common Event Expression
IODEF Incident Object Description Exchange Format
CAPEC Common Attack Pattern Enumeration and Classification
MAEC Malware Attribution Enumeration and Characterization Format
CybOX Cyber Observable Expression
PFAM Phishing, Fraud and Misuse Format
RID Real-time Inter-network Defence
TNC TrustedNetworkConnect
MILE Managed Incident Lightweight Exchange
CYBEX Cybersecurity Information Exchange Framework

功能區塊 (Functional blocks) CYBEX 屬別規範
重要規範 (Imported specifications) 新建立規範 (Newly built specifications)
資訊描述區塊 (Information Description block) CPE, CCE, CVE, CWE, CAPEC, MAEC, CVSS, CWSS, OVAL, XCCDF, ARF, IODEF, CEE, TS102232, TS102667, TS23.271, RFC3924, EDRM X.dexf, X.pfoc
資訊探索區塊 (Information Discovery block) X.cybex.1, X.cybex-disc
資訊查詢區塊 (Information Query block) X.chirp
資訊保證區塊 (Information Assurance block) EVCERT, TS102042 V2.0 X.eaa
資訊傳輸區塊 (Information Transport block) TS102232-1 X.cybex-tp, X.cybex-beep

領域(Area) 層次(Tier) 1 使用標準化命名 (Utilize Standard Naming) 層次(Tier) 1 使用標準化命名 (Utilize Standard Naming) 層次(Tier) 2 定義結構化指南 (Define Structured Guidance)
產品名稱標準化(Standardized Product Names) CPE SWID CPE SWID*
組態項目識別標準化(Standardized Configuration Item Identification) CCE
安全組態致能(Enable Automated Secure Configuration Checking) CCE 之 API 建議(Construct) CCE 之 OVAL 規範(Specify)
建議(Construct) CCE 之 OVAL 規範(Specify) XCCDF, CPE, CEE XCCDF, CPE, CEE, OVAL 遵循定義 (Compliance Definitions)
存貨/資產管理支持(Inventory/Asset Management Support) OVAL 存貨定義 (Inventory Definitions)
脆弱性識別,揭露與回應實務(Vulnerability Identification, Disclosure, and Response Practices) CPE, CVE, CVSS SWID OVAL 脆弱性定義 (Vulnerability Definitions)
修補檢查(Patch Checking) CPE, CVE, CVSS SWID OVAL 存貨定義