Federal audit reveals NIST’s NVD is plagued by poor planning and duplication | CyberScoop<\/title> <meta name=\"description\" content=\"A federal audit reveals NIST's National Vulnerability Database is plagued by poor planning, a massive backlog, and costly work duplication with CISA.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Federal audit reveals NIST's NVD is plagued by poor planning and duplication\"> <meta property=\"og:description\" content=\"A federal audit reveals NIST's National Vulnerability Database is plagued by poor planning, a massive backlog, and costly work duplication with CISA.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-05-29T16:07:04+00:00\"> <meta property=\"article:modified_time\" content=\"2026-05-29T16:07:06+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg\"> <meta property=\"og:image:width\" content=\"2048\"> <meta property=\"og:image:height\" content=\"1152\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1778775768g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1779818961g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/89214\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=89214\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnist-nvd-audit-mismanagement-duplication%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnist-nvd-audit-mismanagement-duplication%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-89214 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.936\">\n<div class=\"single-article__header-content\" readability=\"37.443277310924\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> A report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the agency duplicated work with a similar CISA program. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/89214\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-2.jpg?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (NIST building \/ CC2.0) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"47.703855466567\"><body readability=\"97.667870036101\"><\/p>\n<p>A Department of Commerce inspector general report released Thursday found that the National Institute of Standards and Technology has mismanaged a critical cybersecurity <a href=\"https:\/\/cyberscoop.com\/tag\/vulnerabilities\/\">vulnerability<\/a> database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users.<\/p>\n<p>The <a href=\"https:\/\/nvd.nist.gov\/\">National Vulnerability Database<\/a>, maintained by <a href=\"https:\/\/cyberscoop.com\/tag\/national-institute-of-standards-and-technology-nist\/\">NIST<\/a> since 2005, collects information about computer security flaws and adds details like severity ratings and affected products. This information helps cybersecurity professionals across government and the private sector decide which security problems to fix first. In February 2024, the database\u2019s enrichment contract lapsed, creating a backlog of unprocessed security flaws that has only grown worse.<\/p>\n<p>The report identified the lack of strategic planning as a core problem. NIST leaders admitted they had no long-term plan for clearing the backlog, even as it grew from about 13,000 unprocessed security flaws in June 2024 to over 27,000 by the end of 2025.<\/p>\n<p>NIST publicly promised in May 2024 that it would clear the backlog by September 2024, setting a goal of processing 6,200 security flaws per month, but the agency had never processed more than 5,000 per month in the past.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The report found major inefficiencies in how NIST enriches the information that is attached to the vulnerabilities. <\/p>\n<p>Analysts spend about 80% of their time on two tasks: calculating severity scores and identifying which products are affected. The inspector general\u2019s office tested NIST\u2019s severity scores and found they matched independent evaluators only 12% of the time. Also, nearly 80% of vulnerability submissions already include these scores from the companies that are responsible for the software. This means NIST is doing work that is often unnecessary and inconsistent. The inspector general proposed cutting back on severity score calculation work over the next two years, estimating that NIST would save $800,000 that it could redirect to other program areas.<\/p>\n<p>Another efficiency problem highlighted is the program\u2019s manual process for identifying affected products. Creating these standardized product identifiers takes a lot of time and keeps analysts from clearing the backlog. NIST is developing tools to make this faster, but it remains a major slowdown.<\/p>\n<p>The report also found major duplication between two federal security programs. When the Cybersecurity and Infrastructure Security Agency launched its own <a href=\"https:\/\/github.com\/cisagov\/vulnrichment\">Vulnrichment program in May 2024<\/a>, there was no coordination between the agencies, leading to NIST analysts sometimes repeating work that CISA analysts had already completed. Additionally, the two agencies even hired the same contractor for portions of the same work. The inspector general found at least 21,000 cases of duplicated work between May 2024 and December 2025, wasting approximately $200,000 in the process. <\/p>\n<p>Communication failures have made the problems worse. In April 2024, over 50 cybersecurity professionals <a href=\"https:\/\/docs.google.com\/document\/d\/1y6JXhh52b1OMxLMQyl_WH0R2-85iYEBzjSm_fhv8-GY\/edit?tab=t.0\">sent an open letter<\/a> to Congress complaining that NIST was <a href=\"https:\/\/cyberscoop.com\/plan-to-resuscitate-beleaguered-vulnerability-database-draws-criticism\/\">not being transparent<\/a> about the database\u2019s problems. Neither NIST nor the Department of Commerce answered the letter.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Vulnerability database programs managed by the federal government have been a point of contention for the cybersecurity community over the past two years. Earlier this year, <a href=\"https:\/\/cyberscoop.com\/nist-narrows-cve-analysis-nvd\/\">NIST announced<\/a> that it has narrowed its priorities for the NVD, focusing only on vulnerabilities in CISA\u2019s KEV catalog, software used by the federal government, and critical software identified under <a href=\"https:\/\/www.federalregister.gov\/documents\/2021\/05\/17\/2021-10460\/improving-the-nations-cybersecurity\">Executive Order 14028<\/a>.<\/p>\n<p>A similar program that serves as a catalog of known security flaws, the Common Vulnerabilities and Exposures (<a href=\"https:\/\/cyberscoop.com\/tag\/cve\/\">CVE<\/a>) list, has had similar issues over the past few years. That program, run by <a href=\"https:\/\/cyberscoop.com\/tag\/cybersecurity-and-infrastructure-security-agency-cisa\/\">CISA<\/a>, narrowly <a href=\"https:\/\/cyberscoop.com\/cisa-reverses-course-extends-mitre-cve-contract\/\">escaped<\/a> a sudden demise when a last-minute, 11-month contract extension averted a shutdown in April 2025. Since then, <a href=\"https:\/\/cyberscoop.com\/cve-program-funding-crisis-nvd-cisa-alternatives\/\">several competing databases<\/a> from European nonprofits and other private entities have been stood up in order to better coordinate how vulnerabilities are tracked, disclosed, and ultimately patched.<\/p>\n<p>The inspector general recommended that NIST create a long-term plan for the database, set up a plan to clear the backlog with specific goals, cut back on unnecessary severity score work, make it easier for outside companies to help identify affected products, immediately start working with CISA to stop duplicating work, and develop a plan to communicate better with users.<\/p>\n<p>NIST agreed with all six recommendations and said it is working on them. The agency must submit a plan showing how it will address these problems by late July.<\/p>\n<p>You can read the full report <a href=\"https:\/\/www.oig.doc.gov\/reports\/?entry=70787\">here<\/a>. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.4962063732929\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/nist-nvd-audit-mismanagement-duplication\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Federal audit reveals NIST’s NVD is plagued by poor planning<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1765,452,6757,117,1352,1767,927,643],"tags":[1770,454,6758,119,1354,1772,929,645],"class_list":["post-8695","post","type-post","status-publish","format-standard","hentry","category-cve","category-cybersecurity-and-infrastructure-security-agency-cisa","category-department-of-commerce","category-government","category-inspector-general","category-national-vulnerability-database","category-nist","category-vulnerabilities","tag-cve","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-department-of-commerce","tag-government","tag-inspector-general","tag-national-vulnerability-database","tag-nist","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cve\/\" rel=\"category tag\">CVE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-commerce\/\" rel=\"category tag\">Department of Commerce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/inspector-general\/\" rel=\"category tag\">Inspector general<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-vulnerability-database\/\" rel=\"category tag\">National Vulnerability Database<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nist\/\" rel=\"category tag\">NIST<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8695"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8695\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8695,"date":"2026-05-29T11:07:04","date_gmt":"2026-05-29T16:07:04","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=89214"},"modified":"2026-05-29T11:07:04","modified_gmt":"2026-05-29T16:07:04","slug":"federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/29\/federal-audit-reveals-nists-nvd-is-plagued-by-poor-planning-and-duplication\/","title":{"rendered":"Federal audit reveals NIST\u2019s NVD is plagued by poor planning and duplication"},"content":{"rendered":"