NIST National Vulnerability Database (NVD)

The NIST National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

The integration of NVD with the Archer IT Security Vulnerabilities Program use case lets customers connect the NVD catalog of vulnerabilities, keyed by the CVE standard, to the asset information held in Archer.

Release notes

Document Version | Published Date | Notes

6.14 | June 2024 | Re-signed JavaScript file.

6.14 | December 2023 | NIST retired its legacy data feeds and the 1.0 APIs and directed existing users to migrate to the 2.0 APIs to keep receiving NVD data without interruption. The data feed configuration was changed to a JavaScript Transporter data feed that fetches NVD vulnerability data through NVD API 2.0.

1.3 | December 2023 | Replacement of the HTTP Transporter data feed with the NVD JST (JavaScript Transporter) data feed, due to deprecation of the legacy NVD API.

1.2 | August 2023 | Update of the NVD data request URI.

1.1 | July 2019 | Conversion from XML to JSON source due to XML source deprecation.

1.0 | December 2023 | Initial version.

Overview

Benefits

The NIST NVD integration with Archer enables organizations to:

  • Catalog vulnerabilities using the Common Vulnerabilities and Exposures (CVE) standard maintained under US Government sponsorship.

  • Build a base Vulnerability Library recognized as a security industry standard.

Prerequisites (ODA and system requirements)

Components | Prerequisites

Archer Solution Area(s) | IT Security & Risk Management

Archer Use Case(s) | Archer IT Security Vulnerabilities Program

Archer Applications | Vulnerability Library, Vulnerability Reference Lists

Uses Custom Application | No

Requires On-Demand License | No

Archer Requirements | Archer 6.14 and later

Partner/Vendor Requirements | A valid license is required

Compatible use cases and applications - Related applications

Application | Use Case | Primary Purposes of the Relationship

Vulnerability Library | IT Security Vulnerabilities Program (IT Security & Risk Management)

  • The Vulnerability Library application is a catalog of vulnerability data collected from the NIST National Vulnerability Database (NVD).

  • The Vulnerability Library is updated weekly or monthly by data feeds, depending on the source.

Vulnerability Reference Lists | IT Security Vulnerabilities Program (IT Security & Risk Management)

  • The Vulnerability Reference Lists application is a repository of public vulnerability references collected from the NIST National Vulnerability Database (NVD).

  • The application holds a list of entries, each containing a vulnerability identification number, a type, and a public reference for a known cyber security vulnerability.

  • The URL in each entry points to a public reference describing the vulnerability, such as its description, its consequences, and potential mitigation strategies.

Compatible use cases and applications - Impacted use case

  • IT Security Vulnerabilities Program

Compatible use cases and applications - Impacted fields

This section provides an understanding of the data that will be shared between NVD and Archer. To see the detailed mapping go to section Setting Up Data Feeds.

Additional resources

The following additional resources are available for this offering:

NIST National Vulnerability Database (NVD) Data Feed components

Architecture diagram

[Figure: NIST NVD Data Feed architecture diagram]

Applications

Application | Description

Vulnerability Library

The Vulnerability Library application is a catalog of vulnerability data collected from the NIST National Vulnerability Database (NVD), Qualys Guard, and Tenable Security Center.

The Vulnerability Library is updated weekly or monthly by data feeds, depending on the source. The library includes data points such as:

•    Vulnerability publication date

•    Title

•    Consequence

•    Recommended solution

•    Severity

•    CVSS scoring

Records can be linked to affected devices, vulnerability scan results, and malicious code found to exploit the vulnerability. The Vulnerability Library also provides a method for generating exception requests, identifying mitigating strategies, and denoting affected ports.

By tying vulnerabilities to assets, you can properly analyze, prioritize, and respond proactively to the threat to vulnerable assets. The Vulnerability Library provides the ability to:

•    Automatically import data from NVD/NIST, Qualys Guard, and Tenable Security Center.

•    Notify appropriate personnel automatically when new vulnerabilities are identified.

•    Research potential threats and produce real-time reports that aid in the creation of action plans.

Vulnerability Reference Lists

The Vulnerability Reference Lists application is a repository of public vulnerability references collected from the NIST National Vulnerability Database (NVD), Qualys Guard, and Tenable Security Center, depending on which vendor you use to scan. The Vulnerability Reference List is updated on a user-defined schedule to account for emerging threats. The application holds a list of entries, each containing a vulnerability identification number, a type, and a public reference for a known cyber security vulnerability. The URL in each entry points to a public reference describing the vulnerability, such as its description, its consequences, and potential mitigation strategies.

Personas and access roles

The following table describes the functions that make up the application’s organization roles. Depending on the organization of your company, these functions and responsibilities may vary.

Function | Description

ITSVP: Analysts | Provides the access levels Analysts need within the ITSVP use case to perform analysis and classify vulnerabilities accordingly.

ITSVP: Operations | Provides the access levels Operators need within the ITSVP use case.

ITSVP: Executive Management | Establishes the rights for Executive Management within the ITSVP use case. Users with this role have read access to ITSVP applications.

ITSVP: Business Management | Provides the access levels for the appropriate line of business within the ITSVP use case.

ITSVP: Admin | Serves as the administrator for the ITSVP use case, with create, read, update, and delete rights.

Installing NIST National Vulnerability Database (NVD) Data Feed

This section provides instructions for configuring the NIST NVD Data Feed NVD_CVE_6.14 for the Archer IT Security Vulnerabilities Program use case. This document is not intended to suggest optimum installations or configurations.

It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.

The Archer IT Security Vulnerabilities Program use case must be installed and working before the integration is set up. Perform the necessary tests to confirm this before proceeding.

Important: The integration described in this guide is being provided as a reference implementation for evaluation and testing purposes. It may or may not meet the needs and use cases for your organization. If additional customizations or enhancements are needed, it is recommended that customers contact Archer Professional Services for assistance.

Prerequisites (System Requirements)

The Vulnerability Library application is required for installation and operation of the NIST NVD Data Feed for the IT Security Vulnerabilities Program use case. It serves as the target application for the data feed.

Configure the JavaScript Transporter Settings

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the Archer Control Panel.

  1. Open the Archer Control Panel.

  2. Go to Instance Management and select All Instances.

  3. Select the instance.

  4. On the General tab, go to the JavaScript Transporter section.

  5. Set the Max Memory Limit and the Script Timeout to match the resources needed to retrieve the data. Most incremental feeds run within a Max Memory Limit of 3048 MB (about 3 GB) and a Script Timeout of 300 minutes (5 hours). These figures cover incremental runs; watch the feed log during the first full population of the catalog, which is a larger job than an incremental run.

  6. Require Signature is enabled by default on install and is required for all Hosted clients. Leave it enabled: with it disabled, unsigned JavaScript files are accepted and executed by the data feed service.

    1. In the Signing Certificate Thumbprints section, add a thumbprint for each certificate used to sign a JavaScript file you intend to upload.

      1. Double-click an empty cell in the Signing Certificate Thumbprints section.

      2. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.

Note: For information on how to obtain digital thumbprints, see Obtaining a Certificate Thumbprint.

Important: If you enable Require Signature and do not specify thumbprints, JavaScript files will not be accepted by the system. A file signed with a certificate whose thumbprint is not listed is likewise rejected, so when a re-signed JavaScript file is delivered (see the June 2024 release note), compare its signing certificate with the configured thumbprint and add the new thumbprint if it differs.

  7. On the toolbar, click Save.

Digital Thumbprints

When running JavaScript data feeds, you can configure the system to accept only digitally signed JavaScript files from trusted sources.

For a certificate to be trusted, every certificate in its chain, including the Root CA certificate and any Intermediate CA certificates, must be trusted on both the Web Server and the Services Server machines.

Archer Technologies LLC certificate in the Trusted Root CA store

The Archer Technologies LLC certificate is not present in every machine's Trusted Root store by default. To install it from the signed JavaScript file:

  1. Right-click the JavaScript file and select Properties.

  2. Click the Digital Signatures tab.

  3. In the Signature list, select Archer Technologies LLC.

  4. Click Details.

  5. Click View Certificate.

  6. Click Install Certificate.

  7. Select Local Machine and click Next.

  8. Select Place all certificates in the following store and click Browse.

  9. Select Trusted Root Certification Authorities and click OK.

  10. Click Next, then click Finish.

  11. Upon successful import, click OK.

Obtaining a Certificate Thumbprint 

  1. On the Web Server and Services Server machines, open the Local Computer certificate store.

    1. From the Start menu, launch Manage computer certificates (certlm.msc). Note that certmgr.msc opens the current user's store, not the computer store, and the certificate installed in the previous section is in the Local Computer store.

    2. Navigate to Certificates – Local Computer > Trusted Root Certification Authorities > Certificates.

  2. Verify that the certificate is trusted.

    1. Double-click the Archer Technologies LLC certificate.

    2. In the Certificate window, click the Certification Path tab.

    3. Confirm that the Certificate status box reads "This certificate is OK."

    Note: If the Certificate status box shows anything else, follow the on-screen instructions.

  3. Obtain the trusted certificate thumbprint.

    1. In the Certificate window, click the Details tab.

    2. Scroll to, and select, the Thumbprint field.

    3. The certificate's thumbprint is shown in the lower pane. Copy it and paste it without spaces, since the value entered in the Archer Control Panel must match the signing certificate's thumbprint exactly.

    Note: For where to enter the thumbprint, see the Signing Certificate Thumbprints step in the Configure the JavaScript Transporter Settings section.

Setting Up Data Feeds

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Task 1: Import a data feed

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the NVD_CVE_6.14.dfx5 file.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-NVDAPI_V1.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. The JavaScript code lets you pass variables in through the Custom Parameters section. The following table describes the supported values for each Custom Parameter.

Key | Value | Description

nvdUrl | Requires a valid value. Default = [empty] | The URL of NVD API 2.0: https://services.nvd.nist.gov/rest/json/cves/2.0

apiKey | Optional. Default = [empty] | The presence of an API key affects the permitted rate of API requests.

  • With a valid API key, the limit is 100 requests per minute. An API key can be requested at https://nvd.nist.gov/developers/request-an-api-key

  • Without an API key, the limit is 1 request per minute: the NVD API initially allows 10 requests per minute and then throttles to 1 request per minute.

  NVD publishes its current rate limits on its developer pages and adjusts them over time; check there if the feed is being throttled.

startIndex | Optional. Default = 0 | The index of the first CVE to be returned in the response data (used when type = INDEX).

resultsPerPage | Requires a valid value. Default = 500 | The data feed accepts any value up to 500. If the value provided is greater than 500 or left blank, the data feed sets it to 500.

lastModifiedStartDate | Optional. Default = current date minus 1 year | If type = DATE and lastModifiedStartDate is not provided, the data feed sets it to the current date minus one year.

lastModifedEndDate | Optional. Default = [empty] | If type = DATE and this end date is not provided, the data feed sets it to the current date.

type | Requires a valid value. Default = DATE | The parameter has two valid values:

  • DATE: the feed follows the incremental date logic, using lastModifiedStartDate and lastModifedEndDate to fetch API responses.

  • INDEX: the feed uses startIndex and resultsPerPage to fetch API responses.

Important: Keys and values are case-sensitive and must not carry trailing spaces. This guide spells the end-date key in more than one way; use each key exactly as it appears in the imported feed's Custom Parameters section. The listed values are in place by default but can be changed to suit your environment.

Note: There are two ways of fetching NVD response data from NVD API 2.0.

  1. Type = 'INDEX'

    This approach pages through the catalog using startIndex and resultsPerPage.

    1. startIndex: the offset of the first CVE to be returned in the response data. The default value is 0.

    2. resultsPerPage: the maximum number of CVE records returned in a single API response. The default is 500, and the data feed accepts any custom value up to 500.

  2. Type = 'DATE' (default value)

    This approach uses the lastModifiedStartDate and lastModifedEndDate parameters. The data feed walks the date range in steps of 115 days, because NVD allows at most 120 days between the start and end of a last-modified range in a single request.

    1. If lastModifiedStartDate is not provided in the custom parameters, the feed uses the current date minus one year.

    2. If lastModifedEndDate is not provided, the feed uses the current date.

Initial Data Population

For the initial load, set the Type parameter to 'INDEX'. This fetches the whole NVD catalog, from startIndex = 0 to the end of the data.

Maintaining Data

After the initial population, change the Type parameter to 'DATE'. The lastModifiedStartDate and lastModifedEndDate parameters can be left blank; the data feed then updates records incrementally using the date parameters.

Note that the Type parameter must be set to 'DATE' manually after the initial data population; the feed does not switch it for you, and until it is changed every scheduled run repeats the full INDEX fetch.
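The two fetch modes described above, as an added example that is not the feed's own JavaScript (signed-NVDAPI_V1.js) and not Archer code. The request parameter names lastModStartDate, lastModEndDate, startIndex and resultsPerPage, the 120-day limit on a last-modified range, and the apiKey request header are NVD API 2.0's own; the 115-day step and the 500-record cap on resultsPerPage follow this guide. The example only plans URLs and headers and sends nothing, so it runs offline.

```javascript
// Added example, not the Archer feed's own transporter code: plans NVD API 2.0 requests
// for the two fetch modes (type = DATE and type = INDEX). Nothing is sent over the network.
const NVD_CVES_URL = 'https://services.nvd.nist.gov/rest/json/cves/2.0';
const MAX_WINDOW_DAYS = 120;  // NVD limit on lastModStartDate..lastModEndDate per request
const WINDOW_DAYS = 115;      // step used by the feed, kept under the NVD limit
const FEED_MAX_RESULTS = 500; // the feed clamps resultsPerPage to 500

const addDays = (d, n) => new Date(d.getTime() + n * 86400000);

// NVD accepts ISO-8601 timestamps such as 2024-01-01T00:00:00.000Z.
const toNvdTime = d => d.toISOString();

// Default DATE-mode range when both date parameters are left blank: one year back up to now.
function defaultDateRange(now = new Date()) {
  const start = new Date(now.getTime());
  start.setUTCFullYear(start.getUTCFullYear() - 1);
  return { start, end: now };
}

// DATE mode: split [start, end] into consecutive windows no longer than stepDays.
// The last window is truncated at end, so the windows cover the range exactly
// and no single request exceeds NVD's 120-day limit.
function dateWindows(start, end, stepDays = WINDOW_DAYS) {
  if (!(stepDays > 0 && stepDays <= MAX_WINDOW_DAYS)) throw new RangeError('window exceeds NVD limit');
  if (end < start) throw new RangeError('end date precedes start date');
  const windows = [];
  for (let cur = start; cur < end; ) {
    const next = addDays(cur, stepDays);
    const stop = next < end ? next : end;
    windows.push({ lastModStartDate: toNvdTime(cur), lastModEndDate: toNvdTime(stop) });
    cur = stop;
  }
  return windows;
}

// Feed rule for resultsPerPage: blank, non-numeric, or above 500 becomes 500.
function clampResultsPerPage(value) {
  const n = Number(value);
  return Number.isInteger(n) && n > 0 && n <= FEED_MAX_RESULTS ? n : FEED_MAX_RESULTS;
}

// INDEX mode: page through totalResults (reported by the first response) with startIndex/resultsPerPage.
function indexPages(totalResults, resultsPerPage, firstIndex = 0) {
  const per = clampResultsPerPage(resultsPerPage);
  const pages = [];
  for (let i = firstIndex; i < totalResults; i += per) pages.push({ startIndex: i, resultsPerPage: per });
  return pages;
}

// Build one request. The API key travels in the apiKey request header, never in the URL,
// so it does not land in proxy or web-server logs as part of the query string.
function buildRequest(params, apiKey = '', base = NVD_CVES_URL) {
  const url = new URL(base);
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, String(v));
  return { url: url.toString(), headers: apiKey ? { apiKey } : {} };
}

// DATE-mode plan: the first page of each window. A window whose totalResults exceeds
// resultsPerPage is then paged within that window using indexPages().
function planDateFetch(start, end, apiKey = '', resultsPerPage = FEED_MAX_RESULTS) {
  const per = clampResultsPerPage(resultsPerPage);
  return dateWindows(start, end).map(w =>
    buildRequest({ ...w, startIndex: 0, resultsPerPage: per }, apiKey));
}
```

The window loop is the part worth checking in any reimplementation: the windows must be contiguous (each start equals the previous end) and none may exceed 120 days, otherwise NVD rejects the request or records modified near a boundary are skipped.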

The following additional parameters are valid options for the Custom Parameters section for the current JavaScript file.

Key | Value | Description

batchSize | Default = 1000 (records at a time). Configurable. | Defines the batch of content retrieved in a single call; the JavaScript makes incremental calls to pull the next batch of data.

socketLimit | Default = 10. Configurable, 1 to 25. | The maximum number of open socket channels to an endpoint used for TCP connections.

maxRetry | Default = 1. Configurable, 0 to 2. | The number of retries when a "socket hung up" error is encountered. If the retries are unsuccessful and maxRetry is exceeded, the data feed fails.

lastRunTimeOffset | Default = -1. Configurable. | Ensures no data loss in scenarios where calculations with datetime values are a factor.

10. For each key, choose whether its value is Protected or Plain Text. Protected encrypts the value of that key in the data feed log. Set apiKey to Protected so the NVD API key is not written to the log in clear text.

11. Click the Source Definition tab.

  1. Click the Tokens sub-tab.

  2. Verify token values.

The following table describes token values to verify.

Token | Value

LastRunTime | (Populated by feed)

Note: For more information about tokens, see "Data Feed Tokens" in the Archer Online Documentation.

12. Verify that key field values are not missing from the data feed setup window.

13. Click Save

14. The following are the mappings of the source and target fields in the data feed.

Source Field | Target Field

ID | ID

Title | (target field not listed)

CVSS_V2_Access_Complexity | NVD CVSS V2 Access Complexity

CVSS_V2_Access_Vector | NVD CVSS V2 Access Vector

CVSS_V2_Authentication | NVD CVSS V2 Authentication

CVSS_V2_Availability_Impact | NVD CVSS V2 Availability Impact

CVSS_V2_Base_Score | NVD CVSS V2 Base Score

CVSS_V2_Confidentiality_Impact | NVD CVSS V2 Confidentiality Impact

CVSS_V2_Exploitability_Score | NVD CVSS V2 Exploitability Score

CVSS_V2_Impact_Score | NVD CVSS V2 Impact Score

CVSS_V2_Integrity_Impact | NVD CVSS V2 Integrity Impact

CVSS_V2_Severity | NVD CVSS V2 Severity

CVSS_V3_Attack_Complexity | NVD CVSS V3 Attack Complexity

CVSS_V3_Attack_Vector | NVD CVSS V3 Attack Vector

CVSS_V3_Availability_Impact | NVD CVSS V3 Availability Impact

CVSS_V3_Base_Score | NVD CVSS V3 Base Score

CVSS_V3_Base_Severity | NVD CVSS V3 Base Severity

CVSS_V3_Confidentiality_Impact | NVD CVSS V3 Confidentiality Impact

CVSS_V3_Exploitability_Score | NVD CVSS V3 Exploitability Score

CVSS_V3_Impact_Score | NVD CVSS V3 Impact Score

CVSS_V3_Integrity_Impact | NVD CVSS V3 Integrity Impact

CVSS_V3_Privileges_Required | NVD CVSS V3 Privileges Required

CVSS_V3_Scope | NVD CVSS V3 Scope

CVSS_V3_User_Interaction | NVD CVSS V3 User Interaction

DFMKey | DFMKey

NVD_Link_Helper | NVD Link Helper

Source | Source

Summary | Description

Vuln_Last_Mod_DateTime | NVD Last Modified Date

Vuln_Pub_DateTime | NVD Vulnerability Published Date

DFM_Key(VULN_REFERENCE_LIST) | DFMKey (Vulnerability Reference Lists)

Types->ListValues->ListValue | Type (Vulnerability Reference Lists)

URL | URL (Vulnerability Reference Lists)
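How one entry of an NVD API 2.0 response is flattened into the source fields of the mapping above, as an added example that is not the feed's own JavaScript and not Archer code. The source-field names are taken from the mapping table and the JSON layout (cve.metrics.cvssMetricV31 / cvssMetricV30 / cvssMetricV2 with a type of Primary or Secondary, descriptions, references with tags) is NVD API 2.0's own. How the feed populates DFMKey, Title, NVD_Link_Helper and the reference Type is not stated on this page, so those derivations are assumptions, and the sample response is constructed with a synthetic CVE identifier rather than a real record.

```javascript
// Added example, not the Archer feed's own transporter code: flattens one entry of an
// NVD API 2.0 "vulnerabilities" array into the source-field names of the mapping table.
const NVD_DETAIL_URL = 'https://nvd.nist.gov/vuln/detail/';

// NVD can carry several CVSS entries per version (its own plus CNA-supplied);
// prefer the one marked Primary, otherwise take the first one present.
function primaryMetric(list) {
  if (!Array.isArray(list) || list.length === 0) return null;
  return list.find(m => m.type === 'Primary') || list[0];
}

function englishDescription(cve) {
  const all = cve.descriptions || [];
  const d = all.find(x => x.lang === 'en') || all[0];
  return d ? d.value : '';
}

// Map one vulnerabilities[] item to the Vulnerability Library source fields.
// Records NVD has not yet analyzed carry no metrics; every CVSS field is then null
// rather than undefined, so the absence is explicit in the feed output.
function mapCveToFeedRecord(item) {
  const cve = item.cve;
  const m = cve.metrics || {};
  const v2 = primaryMetric(m.cvssMetricV2);
  const v3 = primaryMetric(m.cvssMetricV31) || primaryMetric(m.cvssMetricV30);
  const v2d = v2 ? v2.cvssData : null;
  const v3d = v3 ? v3.cvssData : null;
  const pick = (obj, key) => (obj && obj[key] !== undefined ? obj[key] : null);
  return {
    ID: cve.id,
    Title: cve.id,                             // assumption: record title is the CVE ID
    DFMKey: cve.id,                            // assumption: Data Feed Manager key is the CVE ID
    NVD_Link_Helper: NVD_DETAIL_URL + cve.id,  // assumption: link to the NVD detail page
    Source: pick(cve, 'sourceIdentifier'),
    Summary: englishDescription(cve),
    Vuln_Pub_DateTime: pick(cve, 'published'),
    Vuln_Last_Mod_DateTime: pick(cve, 'lastModified'),
    CVSS_V2_Access_Vector: pick(v2d, 'accessVector'),
    CVSS_V2_Access_Complexity: pick(v2d, 'accessComplexity'),
    CVSS_V2_Authentication: pick(v2d, 'authentication'),
    CVSS_V2_Confidentiality_Impact: pick(v2d, 'confidentialityImpact'),
    CVSS_V2_Integrity_Impact: pick(v2d, 'integrityImpact'),
    CVSS_V2_Availability_Impact: pick(v2d, 'availabilityImpact'),
    CVSS_V2_Base_Score: pick(v2d, 'baseScore'),
    CVSS_V2_Severity: pick(v2, 'baseSeverity'),          // v2 severity sits beside cvssData
    CVSS_V2_Exploitability_Score: pick(v2, 'exploitabilityScore'),
    CVSS_V2_Impact_Score: pick(v2, 'impactScore'),
    CVSS_V3_Attack_Vector: pick(v3d, 'attackVector'),
    CVSS_V3_Attack_Complexity: pick(v3d, 'attackComplexity'),
    CVSS_V3_Privileges_Required: pick(v3d, 'privilegesRequired'),
    CVSS_V3_User_Interaction: pick(v3d, 'userInteraction'),
    CVSS_V3_Scope: pick(v3d, 'scope'),
    CVSS_V3_Confidentiality_Impact: pick(v3d, 'confidentialityImpact'),
    CVSS_V3_Integrity_Impact: pick(v3d, 'integrityImpact'),
    CVSS_V3_Availability_Impact: pick(v3d, 'availabilityImpact'),
    CVSS_V3_Base_Score: pick(v3d, 'baseScore'),
    CVSS_V3_Base_Severity: pick(v3d, 'baseSeverity'),    // v3 severity sits inside cvssData
    CVSS_V3_Exploitability_Score: pick(v3, 'exploitabilityScore'),
    CVSS_V3_Impact_Score: pick(v3, 'impactScore'),
  };
}

// One Vulnerability Reference Lists row per NVD reference URL.
function mapReferences(item) {
  const cve = item.cve;
  return (cve.references || []).map(r => ({
    'DFM_Key(VULN_REFERENCE_LIST)': `${cve.id}|${r.url}`, // assumption: composite key
    'Types->ListValues->ListValue': r.tags || [],          // assumption: NVD reference tags
    URL: r.url,
  }));
}

// Constructed sample shaped like an NVD API 2.0 response. The CVE IDs and all values
// are synthetic and describe no real vulnerability.
const SAMPLE_RESPONSE = {
  resultsPerPage: 2, startIndex: 0, totalResults: 2, format: 'NVD_CVE', version: '2.0',
  vulnerabilities: [
    { cve: {
      id: 'CVE-1900-0001', sourceIdentifier: 'nvd@nist.gov',
      published: '2024-01-02T10:15:00.000', lastModified: '2024-02-03T11:20:00.000',
      descriptions: [{ lang: 'en', value: 'Constructed sample description.' }],
      metrics: {
        cvssMetricV31: [{ source: 'nvd@nist.gov', type: 'Primary',
          cvssData: { version: '3.1', attackVector: 'NETWORK', attackComplexity: 'LOW',
            privilegesRequired: 'NONE', userInteraction: 'NONE', scope: 'UNCHANGED',
            confidentialityImpact: 'HIGH', integrityImpact: 'HIGH', availabilityImpact: 'HIGH',
            baseScore: 9.8, baseSeverity: 'CRITICAL' },
          exploitabilityScore: 3.9, impactScore: 5.9 }],
        cvssMetricV2: [{ source: 'nvd@nist.gov', type: 'Primary',
          cvssData: { version: '2.0', accessVector: 'NETWORK', accessComplexity: 'LOW',
            authentication: 'NONE', confidentialityImpact: 'PARTIAL', integrityImpact: 'PARTIAL',
            availabilityImpact: 'PARTIAL', baseScore: 7.5 },
          baseSeverity: 'HIGH', exploitabilityScore: 10.0, impactScore: 6.4 }],
      },
      references: [{ url: 'https://example.com/advisory', source: 'nvd@nist.gov', tags: ['Vendor Advisory'] }],
    } },
    // Not yet analyzed by NVD: no metrics object at all.
    { cve: { id: 'CVE-1900-0002', sourceIdentifier: 'nvd@nist.gov',
      published: '2024-03-04T09:00:00.000', lastModified: '2024-03-04T09:00:00.000',
      descriptions: [{ lang: 'en', value: 'Second constructed sample.' }], references: [] } },
  ],
};

function mapResponse(resp) {
  return resp.vulnerabilities.map(mapCveToFeedRecord);
}
```

The second sample item is the case that breaks naive mappers: a CVE that NVD has published but not yet scored has no metrics object, and a CVE published after NVD stopped producing CVSS v2 has no cvssMetricV2 array. The mapping must tolerate both rather than failing the whole batch.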

Task 2: Schedule a data feed

Important: A data feed must be active and valid to successfully run.

As you schedule your data feed, the Data Feed Manager validates the information. If any information is invalid, an error message is displayed. You can save the data feed and correct the errors later; but the data feed does not process until you make corrections.

  1. Go to the Schedule tab of the data feed that you want to modify.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

    3. Select the data feed.

    4. Click the Schedule tab.

  2. In the Recurrences section, complete the frequency, start time, start date, and time zone.

Field | Description

Frequency | Specifies the interval at which the data feed runs: Minutely, Hourly, Daily, Weekly, Monthly, or Reference.

  • Minutely. Runs the data feed at the interval set. For example, if you specify 45 in the Every list, the data feed executes every 45 minutes.

  • Hourly. Runs the data feed at the interval set, for example, every hour (1), every other hour (2), and so forth.

  • Daily. Runs the data feed at the interval set, for example, every day (1), every other day (2), and so forth.

  • Weekly. Runs the data feed on a specified day of the week, for example, every Monday of the first week (1), every other Monday (2), and so forth.

  • Monthly. Runs the data feed in a specified week of the month, for example, 1st, 2nd, 3rd, 4th, or Last.

  • Reference. Runs this data feed after another data feed completes. This option tells the Data Feed Service to start this data feed as soon as the referenced data feed has completed successfully. For example, you can have a Threats data feed run immediately after your Assets data feed finishes. From the Reference Feed list, select the existing data feed after which the current data feed starts.

A referenced data feed is not triggered when you run a data feed immediately: the Run Data Feed Now option runs only the current data feed.

Every | Specifies the interval of the frequency at which the data feed runs.

Start Time | Specifies the time at which the data feed starts running.

Start Date | Specifies the date on which the data feed schedule begins.

Time Zone | Specifies the time zone of the server that runs the data feed.

  3. (Optional) To override the data feed schedule and run the data feed immediately, in the Run Data Feed Now section, click Start.

  4. Click Save.

Certification Environment

Date Tested: June 2024

Product Name | Version Information | Operating System

Archer | 6.14 | Virtual Appliance