NIST shifts NVD to CISA KEV CVEs after 2024 funding

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- NIST narrows NVD analysis to CVEs in CISA’s known exploited catalog, focusing on critical software and infrastructure (per CyberScoop).
- CISA maintains the Known Exploited Vulnerabilities (KEV) list that NIST will now use as a priority filter (per source).
- Matt Kapko / CyberScoop reports the change is a response to a backlog caused by the 2024 funding lapse.
Why it matters: Government and enterprise security teams will receive faster CVE analysis for actively exploited bugs, reducing exposure.




