The purpose of the CISA CSAF (Common Security Advisory Framework) Aggregator Repository is to list or mirror Trusted Providers, allowing for a single point where CSAF documents can be retrieved.
The CSAF Aggregator was designed following the standard published by OASIS Open.
Please submit issues to the Issues Tracker of the CSAF Aggregator repository with any comments or questions.
For details of CISA's CSAF Aggregator role, see the CISA CSAF Aggregator JSON.
Any CSAF Trusted Provider that would like its CSAF distributions mirrored on the CISA CSAF Aggregator must meet the following CSAF data quality points:
Each CSAF must contain the following minimum set of information for each Vulnerability listed:
- CVE
- CWE
- CVSS scoring
- Vulnerability Description
- Known Affected Products
- A Remediation entry for the Known Affected Products
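
A provider can check documents against these points before publishing. The following is an added example, not code from the CISA repository: it assumes CSAF 2.0 field names, reads the last point as "every known affected product is referenced by some remediation", and does not resolve `group_ids`. The sample document, product IDs and CVE IDs are constructed placeholders.

```python
# Constructed sample (not a real advisory); keys follow the CSAF 2.0 schema.
# CVE ids and product ids are placeholders.
SAMPLE = {"vulnerabilities": [
    {   # meets every data quality point
        "cve": "CVE-0000-0001",
        "cwe": {"id": "CWE-79", "name": "placeholder name"},
        "scores": [{"products": ["P1"], "cvss_v3": {"baseScore": 6.1}}],
        "notes": [{"category": "description", "text": "Constructed text."}],
        "product_status": {"known_affected": ["P1"]},
        "remediations": [{"category": "vendor_fix", "details": "Update.",
                          "product_ids": ["P1"]}],
    },
    {   # no CWE, and P3 is affected but has no remediation
        "cve": "CVE-0000-0002",
        "scores": [{"products": ["P2", "P3"], "cvss_v3": {"baseScore": 7.5}}],
        "notes": [{"category": "description", "text": "Constructed text."}],
        "product_status": {"known_affected": ["P2", "P3"]},
        "remediations": [{"category": "mitigation", "details": "Restrict.",
                          "product_ids": ["P2"]}],
    },
]}

def missing_fields(vuln):
    """Return the data quality points that one CSAF vulnerability item fails."""
    missing = []
    if not vuln.get("cve"):
        missing.append("CVE")
    if not vuln.get("cwe", {}).get("id"):
        missing.append("CWE")
    if not any(k in s for s in vuln.get("scores", [])
               for k in ("cvss_v2", "cvss_v3")):
        missing.append("CVSS scoring")
    if not any(n.get("category") == "description" and n.get("text")
               for n in vuln.get("notes", [])):
        missing.append("Vulnerability Description")
    affected = set(vuln.get("product_status", {}).get("known_affected", []))
    if not affected:
        missing.append("Known Affected Products")
    # Assumption: each affected product must appear in some remediation.
    covered = {p for r in vuln.get("remediations", [])
               for p in r.get("product_ids", [])}
    if not affected or affected - covered:
        missing.append("Remediation for Known Affected Products")
    return missing

def check_document(doc):
    """Map vulnerability index -> failed points, omitting compliant items."""
    return {i: m for i, v in enumerate(doc.get("vulnerabilities", []))
            if (m := missing_fields(v))}
```
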