THREATOPS
THREAT OPSThreat News › NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals

NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals

lowrecordedfuturePublished 2026-05-14

<p>As of April 15, 2026, <a href="https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth">NIST</a> enriches only CVEs that appear in the CISA Known Exploited Vulnerabilities catalog, federal government software, or software designated critical under Executive Order 14028. Everything else carries a "Lowest Priority" status: no CVSS score, no affected pro

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.recordedfuture.com/blog/nist-nvd-enrichment