A Collection of Information Security Community Standardization Activities and Initiatives

Common Result Format  
Download the CRF Specification:
  Last Modified Status
CRF Specification 0.3 September 13, 2007 DRAFT
CRF Schema 0.3 September 13, 2007 DRAFT


The Common Result Format (CRF™) - is a standardized IT asset assessment result format that facilitates the exchange of assessment results among systems to increase tool interoperability and allow for the aggregation of those results across large enterprises that utilize diverse technologies to detect patch levels, policy compliance, vulnerability, asset inventory, and other tasks. CRF leverages existing standardization efforts for common names and naming schemes to report the findings for assets.

Feedback Requested

We encourage members of the information security community to participate in the CRF effort by offering feedback on the current draft of the CRF Specification and XML Schema.

Please send feedback on the drafts — or any other comments and concerns — to commonresultformat@mitre.org.