The National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST) has announced that it will retire version 1.0 of its API on December 15th, 2023.
- If you are using the NIST NVD integration for ServiceNow check and if necessary update the following ServiceNow plugin: Vulnerability Response Integration with NVD
- Latest version available on the ServiceNow Store
- If you are using a legacy version of the plugin the integration will be non functional from December 15th, 2023
The National Vulnerability Database (NVD) is a comprehensive database of vulnerabilities maintained by the National Institute of Standards and Technology (NIST). It is a repository of information on software vulnerabilities, including descriptions, severity ratings, and remediation information. The NVD is an essential resource to use for staying up-to-date on the latest vulnerabilities and threats.
The Servicenow SecOps Vulnerability Response makes use of various third party integrations to provide enhanced visibility by providing additional data to help you determine the impact and priority of vulnerabilities. One of the key integrations in the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). The NIST NVD collects both Common Vulnerabilities and Exposures (CVE) and Common Platform Enumeration (CPE) data and makes that data available to the Now Platform®.
The NVD is continuously modernizing its support for web-based automation and data integration and has released the current version 2.0 of its APIs in late 2022, the older 1.0 was supported concurrently with the 2.0 for a limited time.
The NVD encourages users to use the 2.0 API as the 1.0 version will be retired on December 15th, 2023. Therefore it is crucial to ensure API 2.0 compatibility to maintain functionality of your NIST NVD integration.
Further actions
- Check out the documentation, roadmap and release notes of the API: 2022-23 Change Timeline (nist.gov) and Vulnerability APIs (nist.gov)
- To know more about how you can improve the security posture of your organization, contact our Devoteam consultants.
ServiceNow Vulnerability Response synthesizes asset, severity, exploit, risk, and threat intelligence insights into automated workflows for fast, reliable prioritization and remediation. Integrations available on the App Store plug into multiple cloud, container,application testing, vulnerability assessment, OT/IT discovery, patch deployment, and asset management tools for fast time to visibility across your evolving attack surface. This unified understanding helps both minimize blind spots and continuously calculate potential exposure based on threat intelligence and asset attributes. Native configuration compliance shows whether managed assets are deployed within policy and includes workflows to fix flaws and improve the security posture.
