ABSTRACT
Vulnerability assessment has become a critical national need in support of mission operations by realistically assessing attacker access to existing vulnerabilities and improving the ability of mission leaders and planners to triage which system vulnerabilities present the highest risk to mission assurance. Most sectors providing the underpinnings of modern society have come to critically rely on computers and computer networks to function properly. In general, vulnerability refers to any weakness of information technology, assets, or cyber-physical or control systems that could be exploited to launch an attack by an adversary. A computer network defense service provider (CNDSP) is an accredited organization responsible for delivering protection, detection, response, and sustainment services to its subscribers. Vulnerability is thought to be the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
