{"id":260901,"date":"2026-05-29T12:07:00","date_gmt":"2026-05-29T16:07:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/29\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication\/"},"modified":"2026-06-01T07:30:28","modified_gmt":"2026-06-01T11:30:28","slug":"federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/29\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication\/","title":{"rendered":"Federal audit reveals NIST&#8217;s NVD is plagued by poor planning and duplication"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/\">Federal audit reveals NIST&#8217;s NVD is plagued by poor planning and duplication<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/\">https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/<\/a><\/p>\n<p>Publish Date: 2026-05-29 12:07:00<\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>A Department of Commerce inspector general report released Thursday found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users.<\/p>\n<p>The National Vulnerability Database, maintained by NIST since 2005, collects information about computer security flaws and adds details like severity ratings and affected products. This information helps cybersecurity professionals across government and the private sector decide which security problems to fix first. 
In February 2024, the database\u2019s enrichment contract lapsed, creating a backlog of unprocessed security flaws that has only grown worse.<\/p>\n<p>The report identified the lack of strategic planning as a core problem. NIST leaders admitted they had no long-term plan for clearing the backlog, even as it grew from about 13,000 unprocessed security flaws in June 2024 to over 27,000 by the end of 2025.<\/p>\n<p>NIST publicly promised in May 2024 that it would clear the backlog by September 2024, setting a goal of processing 6,200 security flaws per month, but the agency had never processed more than 5,000 per month in the past.<\/p>\n<p>The report found major inefficiencies in how NIST enriches the information that is attached to the vulnerabilities.\u00a0<\/p>\n<p>Analysts spend about 80% of their time on two tasks: calculating severity scores and identifying which products are affected. The inspector general\u2019s office tested NIST\u2019s severity scores and found they matched independent evaluators only 12% of the time. Also, nearly 80% of vulnerability submissions already include these scores from the companies that are responsible for the software. This means NIST is doing work that is often unnecessary and inconsistent. 
The inspector general proposed cutting back on severity score calculation work over the next two years, estimating that NIST would save $800,000&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Federal audit reveals NIST&#8217;s NVD is plagued by poor planning and duplication https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":260902,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2017\/06\/Implementing-Digital-Authentication-In-Accordance-with-the-new-NIST-languages.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[33,24,27],"class_list":["post-260901","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-computer-security","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260901"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=260901"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260901\/revisions"}],"predecessor-version":[{"id":260903,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260901\/revisions\/260903"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/260902"}],"wp:attachment":[{"href":"http
s:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=260901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=260901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=260901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}