The Cybersecurity and Infrastructure Security Agency has partnered with Mitre to help ensure the proper classification of industrial control systems under the latter’s Common Vulnerabilities and Exposures program.
CISA will serve as a Top-Level Root CVE Numbering Authority and assign CVE identifiers for cyber vulnerabilities in technologies offered by participating ICS and medical device vendors, Mitre said Tuesday.
As a CNA, the Department of Homeland Security component will manage a team of numbering authorities, handle CNA recruitment procedures and ensure the implementation of CVE program policies.
Bryan Ware, assistant director for cybersecurity at CISA, said the partnership is meant to encourage more participants in the CVE effort while driving engagement across the program's stakeholder network.
“The CVE Program is excited to partner with CISA to grow the program to better meet stakeholder needs,” noted Chris Levendis, a principal systems engineer at Mitre and board member for the CVE initiative.
Mitre's CVE database serves a list of cybersecurity vulnerabilities along with their corresponding descriptions and identifiers. CVE entries have been used to catalog products and services globally, including offerings under the U.S. National Vulnerability Database.