National Vulnerability Database (NVD) is a government repository of standards-based vulnerability information.
The NVD is a product of the National Institute of Standards and Technology (NIST) Computer Security Division and is used by the U.S. Government for security management and compliance as well as automatic vulnerability management.
The NVD is sponsored by the Department of Homeland Security (DHS), NCCIC and US-CERT. NVD is used as the repository for security-related content for NIST's security content automation protocol (SCAP). The National Security Agency (NSA), OSD, DHS, NIST, and DISA are all users of NVD as part of the government's information security automation program.
The automation of the systems through SCAP and NVD, for example, as well as patch management are enabled by the Federal Desktop Core Configuration (FDCC), a checklist for mandatory configuration settings on US government computers.