Name of Your Organization:

NSFocus Information Technology (Beijing) Co., Ltd.

Web Site:

http://www.nsfocus.com

Compatible Capability:

ICEYE NIDS

Capability home page:

http://www.nsfocus.com/english/homepage/products/nids.htm (english)
http://www.nsfocus.com/homepage/products/nids.htm (chinese)

General Capability Questions

1) Product Accessibility <CR_2.4>

Provide a short description of how and where your capability is made available to your customers and the public (required):

NSFocus makes information about security vulnerabilities publicly available on its website; customers can also download and install product updates on the website.

Related resources and links:

NSFocus Vulnerability Database:
http://www.nsfocus.net/index.php?act=sec_bug (chinese)

ICEYE NIDS Component Update:
http://update.nsfocus.com/nids/index.php (chinese)

Mapping Questions

4) Map Currency Indication <CR_5.1>

Describe how and where your capability indicates the most recent CVE version used to create or update its mappings (required):

We check for new CVE versions and complete related updates in the next regular update.

5) Map Currency Update Approach <CR_5.2>

Indicate how often you plan on updating the mappings to reflect new CVE versions and describe your approach to keeping reasonably current with CVE versions when mapping them to your repository (recommended):

We review the CVE website weekly. If a new CVE version is made available, we generate a list of CVE names to be updated via script tools within 3 days, then complete the update in a few days afterwards, depending on the number of CVE entries to be updated and the workload at that time.

6) Map Currency Update Time <CR_5.3>

Describe how and where you explain to your customers the timeframe they should expect an update of your capability's mappings to reflect a newly released CVE version (recommended):

ICEYE NIDS is updated weekly. Any revisions to CVE information during update intervals will be included in the update file in a timely manner. We will not provide customers with any specific explanation of the CVE version.

Documentation Questions

7) CVE and Compatibility Documentation <CR_4.1>

Provide a copy, or directions to its location, of where your documentation describes CVE and CVE compatibility for your customers (required):

ICEYE NIDS
http://www.nsfocus.com/english/homepage/products/nids.htm (english)
http://www.nsfocus.com/homepage/products/nids.htm (chinese)

NSFocus products CVE compatible description:
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)

8) Documentation of Finding Elements Using CVE Names <CR_4.2>

Provide a copy, or directions to its location, of where your documentation describes the specific details of how your customers can use CVE names to find the individual security elements within your capability's repository (required):

CVE names may be used as a search criterion from the search page at http://www.nsfocus.net/index.php?act=sec_bug

The description and procedures have been documented at
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)

The figure below shows the search capability.

9) Documentation of Finding CVE Names Using Elements <CR_4.3>

Provide a copy, or directions to its location, of where your documentation describes the process a user would follow to find the CVE names associated with individual security elements within your capability's repository (required):

Security information can be searched from the search page at http://www.nsfocus.net/index.php?act=sec_bug via general key words. If the information is related to specific CVE information, then the CVE name and a link to the MITRE website will appear in the Description section.

The description and procedures have been documented at
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)

Detailed alert information can be searched from the online Help text via alert name or other key words. If the alert is related to specific CVE information, then the CVE name and a link to the MITRE website will appear in it.

The figures below show the CVE name link.

10) Documentation Indexing of CVE-Related Material <CR_4.4>

If your documentation includes an index, provide a copy of the items and resources that you have listed under "CVE" in your index. Alternately, provide directions to where these "CVE" items are posted on your web site (recommended):

For ICEYE NIDS, a list of CVE-related vulnerabilities is conveniently available by searching "CVE" in its Help file.

Candidate Support Questions

11) Candidates Versus Entries Indication <CR_6.1>

If CVE candidates are supported or used, explain how you indicate that candidates are not accepted CVE entries (required):

The following page on NSFocus website describes the difference between CAN and CVE name:
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)

12) Candidates Versus Entries Explanation <CR_6.2>

If CVE candidates are supported or used, explain where and how the difference between candidates and entries is explained to your customers (recommended):

The following page on NSFocus website describes the difference between CAN and CVE name:
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)

13) Candidate to Entry Promotion <CR_6.3>

If CVE candidates are supported or used, explain your policy for changing candidates into entries within your capability and describe where and how this is communicated to your customers (recommended):

NSFocus Security Team checks for CVE name changes weekly, and makes the corresponding modifications if there is any change. After MITRE issues a Final Decision list for a given CVE version, NSFocus Security Team will generate a list of CVE names to be modified via script tools, and the resultant work can typically be completed in a few days, depending on current workload and the number of promoted candidates. Products that use NSFocus Security Information Database take up the updated information at the next major product version release, or during the next applicable update.

NSFocus will try to update modified CVE names at the earliest opportunity, but will not inform customers of these changes individually.

14) Candidate and Entry Search Support <CR_6.4>

If CVE candidates are supported or used, explain where and how a customer can find the explanation of your search function's ability to look for candidates and entries by using just the YYYY-NNNN portion of the CVE names (recommended):

NSFocus Security Information Database search engine supports partial matches of the form YYYY-NNNN. The documentation describing this capability is available at

http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)

15) Search Support for Promoted Candidates <CR_6.5>

If CVE candidates are supported or used, explain where and how a customer can find the explanation of your search function's support for retrieving the CVE entry for a candidate that is no longer a candidate (recommended):

NSFocus recommends searching with partial matches of the form YYYY-NNNN.

16) Candidate Mapping Currency Indication <CR_6.6>

If CVE candidates are supported or used, explain where and how you tell your users how up-to-date your candidate information is (recommended):

NSFocus will try to update modified CVE names at the earliest opportunity, but will not inform customers of these changes individually.

Type-Specific Capability Questions

Tool Questions

17) Finding Tasks Using CVE Names <CR_A.2.1>

Give detailed examples and explanations of how a user can locate tasks in the tool by looking for their associated CVE name (required):

Users can use the product's online Help to find related CVEs and information about the corresponding CVE. Links to http://cve.mitre.org are also commonly available.

18) Finding CVE Names Using Elements in Reports <CR_A.2.2>

Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CVE names for the individual security elements in the report (required):

CVE details and links are provided in most ICEYE NIDS alerts, as long as a corresponding CVE name is available. Each available CVE can be searched by its name in ICEYE NIDS online Help.

19) Getting a List of CVE Names Associated with Tasks <CR_A.2.4>

Give detailed examples and explanations of how a user can obtain a listing of all of the CVE names that are associated with the tool's tasks (recommended):

A user can obtain a listing of all vulnerabilities and related CVEs from within the online Help. The user can enter 'CVE' and 'Search'. The total number of vulnerabilities is then listed in the left view pane, followed by each vulnerability name. CVEs are then listed for each vulnerability in the right-hand view of the Help window.

22) Non-Support Notification for a Requested CVE Name <CR_A.2.7>

Provide a description of how the tool notifies the user that task associated to a selected CVE name cannot be performed (recommended):

If there is no check in the online Help, the task associated with a selected CVE cannot be done.

Online Capability Questions

26) Finding Online Capability Tasks Using CVE Names <CR_A.4.1>

Give detailed examples and explanations of how a "find" or "search" function is available to the user to locate tasks in the online capability by looking for their associated CVE name or through an online mapping that links each element of the capability with its associated CVE name(s) (required):

  1. From the search Webpage of NSFocus Security Information Database http://www.nsfocus.net/index.php?act=sec_bug enter the CVE name in one of the following formats:

    Format          Example
    CVE-YYYY-NNNN   CVE-2004-0122
    CAN-YYYY-NNNN   CAN-2004-1064
    YYYY-NNNN       2004-0122

  2. Select "Search by Keyword". The Keyword Search Results page appears.
  3. Under the displaying results list, select the appropriate link for more information. CVE or CAN and vulnerability details appear in the "Description" section.

27) Online Capability Interface Template Usage <CR_A.4.1.1>

Provide a detailed description of how someone can use your "URL template" to interface to your capability's search function (recommended):

Examples:

http://www.example.com/cgi-bin/db-search.cgi?cvename=CVE-YYYY-NNNN
http://www.example.com/cve/CVE-YYYY-NNNN.html

From the search Webpage of NSFocus Security Information Database http://www.nsfocus.net/index.php?act=sec_bug enter the CVE name in one of the following formats:

Format          Example
CVE-YYYY-NNNN   CVE-2004-0122
CAN-YYYY-NNNN   CAN-2004-1064
YYYY-NNNN       2004-0122

28) Online Capability CGI Get Method Support <CR_A.4.1.2>

If the URL template is for a CGI program, does it support the HTTP "GET" method? (recommended):

  1. From the search Webpage of NSFocus Security Information Database http://www.nsfocus.net/index.php?act=sec_bug enter the CVE name in the following formats:

    Format Example
    CVE(CAN)

  2. Select "Search by Keyword". The Keyword Search Results page appears.
  3. Under the displaying results list, select the appropriate link for more information. CVE or CAN and vulnerability details appear in the "Description" section.

29) Finding CVE Names Using Online Capability Elements <CR_A.4.2>

Give detailed examples and explanations of how, for reports that identify individual security elements, the online capability allows the user to determine the associated CVE names for the individual security elements in the report (required):

This capability is available on each Web page in the product's alert detail section. For CAN and CVE names, the section lists the CVE name and a link to the MITRE CVE entry for the same name (opens in a new browser window).

For example:
http://www.nsfocus.net/index.php?act=sec_bug&do=view&bug_id=6160&keyword=CVE-2004-0122

In the "Description" section, CVE-2004-0122 is the CVE name of this entry, which links to the corresponding CVE information on the MITRE website: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0122

CVE names appearing in the Description section are the latest CVE or CAN names. NSFocus Security Team will not keep a revision history for the CVE/CAN names related to specific security information.

30) Online Capability Element to CVE Name Mapping <CR_A.4.3>

If details for individual security elements are not provided, give examples and explanations of how a user can obtain a mapping that links each element with its associated CVE name(s), otherwise enter N/A (required):

From the search Webpage of NSFocus Security Information Database http://www.nsfocus.net/index.php?act=sec_bug enter the CVE name in one of the following formats:

Format          Example
CVE-YYYY-NNNN   CVE-2004-0122
CAN-YYYY-NNNN   CAN-2004-1064
YYYY-NNNN       2004-0122

Media Questions

31) Electronic Document Format Info <CR_B.3.1>

Provide details about the different electronic document formats that you provide and describe how they can be searched for specific CVE-related text (required):

RSAS and ICEYE NIDS provide output in PDF, HTM, and RTF. Each is searchable via the browser, viewer or editor chosen.

32) Electronic Document Listing of CVE Names <CR_B.3.2>

If one of the capability's standard electronic documents only lists security elements by their short names or titles provide example documents that demonstrate how the associated CVE names are listed for each individual security element (required):

Currently, when security elements are listed by titles, we provide no mapping in our reports on how a CVE name is related to each individual security element.

33) Electronic Document Element to CVE Name Mapping <CR_B.3.3>

Provide example documents that demonstrate the mapping from the capability's individual elements to the respective CVE name(s) (recommended):

Within online Help of our products there is a search function that allows users to find CVEs that we have the ability to audit systems with.

Graphical User Interface (GUI)

34) Finding Elements Using CVE Names Through the GUI <CR_B.4.1>

Give detailed examples and explanations of how the GUI provides a "find" or "search" function for the user to identify your capability's elements by looking for their associated CVE name(s) (required):

CVE information can be found in the product Help text, which details what CVE is and also covers details of detectable exploits and how they relate to the corresponding CVE. Both Help texts can be searched by content, index, search or favorites within the Help module.

35) GUI Element to CVE Name Mapping <CR_B.4.2>

Briefly describe how the associated CVE names are listed for the individual security elements or discuss how the user can use the mapping between CVE entries and the capability's elements, also describe the format of the mapping (required):

In our Vulnerability Details section within the product we have the associated CVEs included in the vulnerability description. Click the CVE name, and a new browser page that links to the corresponding CVE name on the MITRE website will appear.

36) GUI Export Electronic Document Format Info <CR_B.4.3>

Provide details about the different electronic document formats that you provide for exporting or accessing CVE-related data and describe how they can be searched for specific CVE-related text (recommended):

The export document provides output in HTML and RTF formats. Each is searchable for CVE information via the browser or editor chosen.

Questions for Signature

37) Statement of Compatibility <CR_2.7>

Have an authorized individual sign and date the following Compatibility Statement (required):

"As an authorized representative of my organization I agree that we will abide by all of the mandatory CVE Compatibility Requirements as well as all of the additional mandatory CVE Compatibility Requirements that are appropriate for our specific type of capability."

Name: Li Qun

Title: Director of NSFocus Development Dept.

38) Statement of Accuracy <CR_3.4>

Have an authorized individual sign and date the following accuracy Statement (recommended):

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the mapping between our capability's Repository and the CVE entries our capability identifies."

Name: Zuo Lei

Title: Director of NSFocus Research Dept.

Page Last Updated or Reviewed: April 28, 2016