“Root” CVE Numbering Authorities (CNAs) manage a group of sub-CNAs within a given domain or community. For example, JPCERT/CC is a Root CNA, and CISA ICS and MITRE are Top-Level Root CNAs. Both Top-Level Root CNAs are also their own CNAs of Last Resort (CNA-LR).

Submitting to Top-Level Root and Root CNAs

Each Top-Level Root and Root CNA listed above has its own process for accepting CVE Records (formally called CVE Entries) from CNAs. Contact a specific Top-Level Root CNA-LR or Root CNA directly to request their specific submission requirements.

Submitting to the MITRE Top-Level Root CNA

A program for CNAs to submit CVE Records to the MITRE Top-Level Root CNA using JSON is available on the CVEProject website on GitHub.com. All CNAs are eligible to participate.

CNAs may also continue to use the CVE ID Request web form to submit CVE Records to the MITRE Top-Level Root CNA.

Resources

Help

For help, contact the MITRE Top-Level Root CNA: