CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities
New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWRAF > CWE List > CWRAF Domains  
ID

CWRAF Domains

The MITRE Corporation
Copyright © 2013
http://cwe.mitre.org/cwraf/

CWRAF version: 0.8.3

Date: April 3, 2013

Project Coordinator:

Bob Martin (MITRE)

Document Editor:

Steve Christey (MITRE)
Domain Summary
Domain Summary

This is an up-to-date list of domains as used by CWRAF. For each domain, a list of associated vignettes is provided.

DomainDescription
e-Commerce The use of the Internet or other computer networks for the sale of products and services, typically using the WWW.

Vignettes: Web-Based Retail Provider

Banking & Finance Financial industry, including depository financial institutions (banks, thrifts, and credit unions), insurers, securities brokers/dealers, investment companies, some financial utilities, and their associated regulatory systems and agencies.

Vignettes: Financial Trading, Online Banking

Energy Smart Grid (electrical network through a large region, using digital technology for monitoring or control), nuclear power stations, oil and gas transmission, etc.

Vignettes: Household Smart Meter, Smart Grid remote utility server, Smart Grid Neighborhood Gateway, Regional Electricity Flow Control, SCADA Historian, Distributed Production Facility Management using SCADA Web-based HMI

Chemical Chemical processing and distribution, etc.

Vignettes: Chemical Flow Control

Manufacturing Plants and distribution channels, supply chain, etc.

No vignettes defined.

Shipping & Transportation Aerospace (such as safety-critical ground aviation systems, on-board avionics, etc.), highway, maritime transportation, mass transit, pipeline systems, and rail.

No vignettes defined.

National Defense Weapon systems, Intel networks, Defense Industrial Base, etc.

Vignettes: Weapon system sensor

Homeland Security CBP, Coast Guard, Secret Service, TSA, etc.

No vignettes defined.

Government (Other) Government (other than National Defense and Homeland Security)

No vignettes defined.

Emergency Services Systems and services that support for First Responders, incident management and response, law enforcement, and emergency services for citizens, etc. The organizations and processes for protecting and preserving critical assets before, during, and after a disaster or catastrophe.

Vignettes: First Responder

Public Health Health care, medical encoding and billing, patient information/data, critical or emergency care, medical devices (implantable, partially embedded, patient care), drug development and distribution, food processing, clean water treatment and distribution (including dams and processing facilities), etc.

Vignettes: Medical Billing, Human Medical Devices

Food & Water Food processing, clean water treatment and distribution (including dams and processing facilities), etc.

No vignettes defined.

Telecommunications Cellular services, land lines, VOIP, cable & fiber networks, etc.

Vignettes: Teleworking - Remote Access Server, Teleworking - Web Mail

Teleworking Support for employees to have remote access to internal business networks and capabilities, e.g. networking-capable PDAs and cell phones, VPNs, Network Access Control (NAC), Web-based email services, etc.

No vignettes defined.

e-Voting Electronic voting systems, whether for state-run elections, shareholder meetings, etc.

Vignettes: State Election Administration using remote Internet voting via absentee ballot, State or Local Elections using eVoting via Direct Recording Election Machines., State or Local Elections using eVoting via an Internet web application, Corporate Shareholder Internet voting

Social Media (Example Domain) The use of the Internet or other computer networks for communication, collaboration, or entertainment in which a large group of users can interact with each other. This includes social networking, wikis, blogs, music and photograph sharing, product/service reviews, bookmarking, etc.

Vignettes: Social Networking, Electronic Dating

Human Resources (Example Domain) Human resources - management of personnel within an organization, including recruitment, compensation (salary and benefits), performance assessment, training, etc.

Vignettes: Employee Compensation

Back to top
Page Last Updated: January 18, 2017
 

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.