Stakeholder-Specific Vulnerability Categorization (SSVC)
Stakeholder-Specific Vulnerability Categorization, usually shortened to SSVC, is a decision-tree method for turning vulnerability evidence into response actions.
Definition
Stakeholder-Specific Vulnerability Categorization is a vulnerability-prioritization method developed by Carnegie Mellon University's Software Engineering Institute and used by CISA. Unlike a severity score, SSVC is built around decisions. It asks which stakeholder is acting, which evidence is known, and what response is justified.
The core idea is simple: the same vulnerability can require different action depending on context. A flaw in an internet-facing model gateway, an internal experiment image, a medical support system, and a disconnected lab box should not be collapsed into one number. SSVC gives teams a decision tree for translating evidence into an action band.
SSVC sits beside CVE, CVSS, EPSS, CISA KEV, SBOMs, and VEX rather than replacing them. Those artifacts name, score, predict, or contextualize vulnerabilities. SSVC asks what a responsible party should do next.
How It Works
SSVC takes the form of decision trees. CMU SEI's version 2.0 paper describes it as a modular system for prioritizing vulnerability-management actions without imposing one universal model on every stakeholder. CISA's public SSVC page says CISA worked with SEI to develop a customized decision tree for U.S. government, state, local, tribal, territorial, and critical-infrastructure contexts.
CISA's SSVC tree produces four possible decisions: Track, Track*, Attend, and Act. CISA defines those outcomes as a progression from ordinary tracking, to closer monitoring, to supervisory attention, to leadership-level attention and prompt execution of agreed response actions. The CISA tree uses five decision points: exploitation status, technical impact, automatable, mission prevalence, and public well-being impact.
CISA also uses SSVC in Vulnrichment, its public enrichment of CVE records through the CVE Authorized Data Publisher container. CISA states that Vulnrichment adds SSVC decision points such as exploitation, technical impact, and automatability to CVE data, and its GitHub repository describes CISA as assessing new and recent CVEs and adding key SSVC decision points.
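The snippet below is an added illustration, not code from CISA or the Vulnrichment project, of pulling the SSVC decision points out of a CVE JSON record the way a deployer's tooling would. The embedded record is constructed: it follows the CVE JSON 5 layout as Vulnrichment populates it (an `adp` container whose `metrics` entry has `other.type == "ssvc"` and an `options` list), but the CVE id, timestamp and values are placeholders, and the field layout itself is an assumption to check against a real record before relying on it.

```python
"""Extract CISA Vulnrichment SSVC decision points from a CVE JSON record.

Added example, not Vulnrichment's own code. The sample record is
constructed; its layout mirrors how the CISA ADP container carries SSVC
data, but the id, timestamp and values are placeholders.
"""
import json

SAMPLE_CVE_RECORD = json.dumps({
    "cveMetadata": {"cveId": "CVE-0000-00001"},  # placeholder id
    "containers": {
        "cna": {"descriptions": [{"lang": "en", "value": "constructed sample"}]},
        "adp": [{
            "title": "CISA ADP Vulnrichment",
            "metrics": [{
                "other": {
                    "type": "ssvc",
                    "content": {
                        "id": "CVE-0000-00001",
                        "role": "CISA Coordinator",
                        "version": "2.0.3",
                        "timestamp": "2026-06-25T00:00:00.000000Z",
                        # Vulnrichment supplies these three points; mission
                        # prevalence and public well-being stay local.
                        "options": [
                            {"Exploitation": "poc"},
                            {"Automatable": "yes"},
                            {"Technical Impact": "total"},
                        ],
                    },
                }
            }],
        }],
    },
})


def extract_ssvc(record_json):
    """Return the SSVC decision points from the first ADP that carries them,
    normalised to snake_case keys, or None when the record has none."""
    record = json.loads(record_json)
    for adp in record.get("containers", {}).get("adp", []):
        for metric in adp.get("metrics", []):
            other = metric.get("other", {})
            if other.get("type") != "ssvc":
                continue
            content = other.get("content", {})
            points = {}
            for option in content.get("options", []):
                # each option is a single-key dict such as {"Exploitation": "poc"}
                for name, value in option.items():
                    points[name.lower().replace(" ", "_")] = value
            return {
                "cve_id": content.get("id")
                          or record.get("cveMetadata", {}).get("cveId"),
                "ssvc_version": content.get("version"),
                "role": content.get("role"),
                "assessed_at": content.get("timestamp"),
                "source_container": adp.get("title"),
                "points": points,
            }
    return None


if __name__ == "__main__":
    print(extract_ssvc(SAMPLE_CVE_RECORD))
```

Keep the `ssvc_version`, `role` and `assessed_at` fields alongside the points: they are the "which tree, whose perspective, when" provenance the Source Discipline section asks for, and the coordinator's exploitation value is a dated observation, not a permanent property of the CVE.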
Agent Context
SSVC is useful for AI systems because agents turn software vulnerabilities into workflow risk. An agent may operate a browser, repository, shell, database, ticketing system, or deployment pipeline. A vulnerability in one dependency becomes more urgent when the affected component is public, reachable, highly automated, connected to credentials, or part of a mission-critical route.
For example, an AI coding agent running inside a tightly scoped sandbox may face a different response decision than an agent tool deployed behind a public API. SSVC gives the security team a way to record why one finding is tracked while another is acted on immediately. The method does not solve prompt injection, model misuse, or unsafe autonomy by itself, but it helps keep conventional software flaws from being flattened into a noisy backlog.
Governance and Safety
A governance-grade SSVC record should store the stakeholder perspective, decision-tree version, decision outcome, evidence for each decision value, source URLs, date of assessment, system owner, reviewer, exception rationale, and re-review trigger. In an AI stack, that record should also connect to system inventory, agent permissions, exposure status, model-serving path, SBOM, VEX statement, and incident-response plan.
The main governance error is treating SSVC as an oracle. It is a structured decision method, not proof that a system is safe. Its value depends on good asset data, accurate exploitation evidence, honest mission-impact analysis, and authority to execute the resulting decision.
Defense Pattern
- Define the stakeholder. Record whether the decision is being made as a deployer, supplier, coordinator, agency, vendor, or internal platform owner.
- Preserve evidence. Keep the CVE record, advisory, KEV status, Vulnrichment data, scanner finding, exposure data, and local asset context together.
- Version the tree. SSVC outcomes depend on the decision model used, so store the model and version with the decision.
- Connect to action. Every Attend or Act outcome needs an owner, timeline, communication route, and fallback if patching is not immediately possible.
- Reassess on change. New public exposure, new exploit evidence, new agent permissions, or new mission use can change the decision.
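The following Python is an added example, not code from CISA, SEI or CERT/CC, that ties together the tree described under How It Works, the governance record listed under Governance and Safety, and the defense pattern above: every decision point carries a value and a source, the tree name and version are pinned onto the record, Attend and Act outcomes are flagged as needing an action plan, and a change in evidence re-runs the tree and logs why. The decision table is a constructed illustrative policy that uses the same decision points and outcomes as CISA's tree; it is not CISA's published tree, and an adopting team should replace it with the version it actually uses. Mission prevalence and public well-being impact are taken as one combined low/medium/high rating here, with the combining rule left to the adopter. The CVE id, URLs and asset names are placeholders.

```python
"""Versioned SSVC-style decision record with evidence and re-review.

Added example, not CISA's or SEI's code. EXAMPLE_TREE is a constructed
policy with CISA's decision points and outcomes, NOT CISA's published
tree; replace it and bump the version string when adopting.
"""
from dataclasses import dataclass, field

# Decision points and allowed values (names mirror CISA's wording). Mission
# prevalence and public well-being are folded into one rating here.
DECISION_POINTS = {
    "exploitation": ("none", "poc", "active"),
    "automatable": ("no", "yes"),
    "technical_impact": ("partial", "total"),
    "mission_and_wellbeing": ("low", "medium", "high"),
}

# Constructed policy: (exploitation, automatable, technical_impact) ->
# outcomes for mission_and_wellbeing = low, medium, high respectively.
EXAMPLE_TREE = {
    "name": "example-deployer-tree",
    "version": "0.1-example",
    "table": {
        ("none", "no", "partial"):    ("Track", "Track", "Track"),
        ("none", "no", "total"):      ("Track", "Track", "Track*"),
        ("none", "yes", "partial"):   ("Track", "Track", "Attend"),
        ("none", "yes", "total"):     ("Track", "Track", "Attend"),
        ("poc", "no", "partial"):     ("Track", "Track", "Track*"),
        ("poc", "no", "total"):       ("Track", "Track*", "Attend"),
        ("poc", "yes", "partial"):    ("Track", "Track*", "Attend"),
        ("poc", "yes", "total"):      ("Track", "Track*", "Attend"),
        ("active", "no", "partial"):  ("Track", "Attend", "Attend"),
        ("active", "no", "total"):    ("Track", "Attend", "Act"),
        ("active", "yes", "partial"): ("Attend", "Attend", "Act"),
        ("active", "yes", "total"):   ("Attend", "Act", "Act"),
    },
}


@dataclass
class Evidence:
    value: str   # chosen decision-point value
    source: str  # URL or document that justifies it


@dataclass
class SSVCRecord:
    cve_id: str
    stakeholder: str   # deployer, supplier, coordinator, ...
    system_owner: str
    reviewer: str
    assessed_on: str   # ISO date
    evidence: dict     # decision point -> Evidence
    tree_name: str = ""
    tree_version: str = ""
    outcome: str = ""
    exception_rationale: str = ""
    rereview_log: list = field(default_factory=list)


def evaluate(record, tree=EXAMPLE_TREE):
    """Validate evidence, walk the table, pin the tree version; return outcome."""
    values = {}
    for point, allowed in DECISION_POINTS.items():
        ev = record.evidence.get(point)
        if ev is None or not ev.source:
            raise ValueError(f"decision point {point!r} needs a value and a source")
        if ev.value not in allowed:
            raise ValueError(f"{point}={ev.value!r} not in {allowed}")
        values[point] = ev.value
    row = tree["table"][(values["exploitation"], values["automatable"],
                         values["technical_impact"])]
    mw = DECISION_POINTS["mission_and_wellbeing"].index(values["mission_and_wellbeing"])
    record.outcome = row[mw]
    record.tree_name, record.tree_version = tree["name"], tree["version"]
    return record.outcome


def needs_action_plan(outcome):
    """Attend and Act outcomes must carry an owner, timeline and fallback."""
    return outcome in ("Attend", "Act")


def reassess(record, new_evidence, tree=EXAMPLE_TREE):
    """Re-run the tree only when evidence changed; return (old, new) outcomes."""
    changed = [p for p, ev in new_evidence.items()
               if p not in record.evidence or record.evidence[p].value != ev.value]
    old = record.outcome
    if not changed:
        return old, old
    record.evidence.update(new_evidence)
    record.rereview_log.append({"changed": changed, "previous": old})
    return old, evaluate(record, tree)


if __name__ == "__main__":
    # Constructed finding on a sandboxed internal agent image (placeholder id).
    rec = SSVCRecord("CVE-0000-00000", "deployer", "agent-platform", "sec-eng",
                     "2026-06-25", {
        "exploitation": Evidence("none", "https://example.test/advisory"),
        "automatable": Evidence("no", "https://example.test/vulnrichment"),
        "technical_impact": Evidence("partial", "https://example.test/advisory"),
        "mission_and_wellbeing": Evidence("low", "asset-inventory#agent-sandbox"),
    })
    print(evaluate(rec))  # Track
    # Later the image sits behind a public API and active exploitation is reported.
    print(reassess(rec, {
        "exploitation": Evidence("active", "https://example.test/kev"),
        "mission_and_wellbeing": Evidence("high", "asset-inventory#public-gateway"),
    }))  # ('Track', 'Attend')
```

The `rereview_log` is what makes the record defensible later: it shows which evidence moved, what the outcome was before, and (through `tree_version`) which model produced each answer, so a Track decision from last quarter is never confused with the Attend decision that a new exposure justified.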
Source Discipline
SSVC claims should cite the exact tree or guidance used. CISA's SSVC tree is not the only SSVC model. CMU SEI's paper describes the broader methodology, CERT/CC hosts documentation and decision-point references, CISA publishes its own guide and calculator, and CISA Vulnrichment publishes SSVC data into CVE records.
Claims about federal deadlines should cite the relevant CISA directive separately. BOD 26-04 uses risk-based remediation timelines for Federal Civilian Executive Branch agencies, but SSVC itself is a decision method that other organizations may adapt to their own risk tolerance and mission.
Spiralist Reading
Spiralism reads SSVC as a refusal to let one score impersonate judgment. A vulnerability is not just a number on a dashboard. It is a wound in a particular body, with a particular exposure, a particular owner, and a particular public consequence if ignored.
Open Questions
- How should SSVC trees represent AI-agent authority, such as access to email, code deployment, payment actions, or privileged tools?
- When should AI-specific findings without CVE IDs enter an SSVC-like decision workflow?
- How much of SSVC triage can be automated before the organization loses sight of the stakeholder judgment it is meant to preserve?
Related Pages
- Common Vulnerabilities and Exposures (CVE)
- Exploit Prediction Scoring System
- Vulnerability Exploitability eXchange
- OWASP AI Vulnerability Scoring System
- AI Vulnerability Disclosure
- AI Bill of Materials
- AI Cybersecurity Collaboration Playbook
- Agentic Supply-Chain Vulnerabilities
- AI Agent Sandboxing
- AI Agent Observability
Sources
- CISA, Stakeholder-Specific Vulnerability Categorization (SSVC), reviewed June 25, 2026.
- CISA, CISA Stakeholder-Specific Vulnerability Categorization Guide, reviewed June 25, 2026.
- CMU Software Engineering Institute, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0), April 30, 2021, reviewed June 25, 2026.
- CERT/CC, SSVC: Stakeholder-Specific Vulnerability Categorization, reviewed June 25, 2026.
- CISA, Unlocking Vulnrichment: Enriching CVE Data, January 27, 2025, reviewed June 25, 2026.
- CISA GitHub, Vulnrichment repository, reviewed June 25, 2026.
- CISA, BOD 26-04 implementation guidance, June 2026, reviewed June 25, 2026.