BSI TR-03191 - Common Security Advisory Framework (CSAF)

The Common Security Advisory Framework (CSAF) is an international framework for the communication and automated distribution of machine-processable security information. It is published as an open standard by OASIS Open and was originally released in November 2022. CSAF significantly reduces the manual effort required to acquire security information and determine whether or not IT products are affected. CSAF uses JSON documents, which enable organisations to automate the consumption of security information and its comparison against a database of IT assets or Software Bills of Materials (SBOMs). This dramatically accelerates the assessment process and frees resources from handling security information, allowing organisations to focus on managing risks and remediating vulnerabilities.
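The comparison described above, as an added Python example that is not part of the BSI page or the CSAF specification: it resolves the product IDs in a CSAF 2.0 advisory to package URLs (purls) and reports the status of every product that also appears in an inventory. The advisory, its placeholder CVE id, the inventory and the function names `index_purls` and `assess` are all constructed for illustration.

```python
import json

# Constructed sample: a trimmed CSAF 2.0 advisory (only the fields used here;
# the CVE id and product names are placeholders, not real identifiers).
ADVISORY = json.loads("""
{"document": {"category": "csaf_security_advisory", "csaf_version": "2.0"},
 "product_tree": {"branches": [{"category": "vendor", "name": "Example Corp",
   "branches": [{"category": "product_name", "name": "examplelib", "branches": [
     {"category": "product_version", "name": "1.2.0", "product": {
       "product_id": "CSAFPID-0001", "name": "examplelib 1.2.0",
       "product_identification_helper": {"purl": "pkg:pypi/examplelib@1.2.0"}}},
     {"category": "product_version", "name": "1.2.1", "product": {
       "product_id": "CSAFPID-0002", "name": "examplelib 1.2.1",
       "product_identification_helper": {"purl": "pkg:pypi/examplelib@1.2.1"}}}]}]}]},
 "vulnerabilities": [{"cve": "CVE-0000-00000", "product_status": {
   "known_affected": ["CSAFPID-0001"], "fixed": ["CSAFPID-0002"]}}]}
""")
# Constructed inventory, e.g. purls taken from an SBOM.
INVENTORY = {"pkg:pypi/examplelib@1.2.0", "pkg:pypi/otherlib@3.0.0"}

def index_purls(product_tree):
    """Map each product_id in the product tree to its purl, if one is given."""
    purls = {}
    def visit(product):
        helper = product.get("product_identification_helper", {})
        if "purl" in helper:
            purls[product["product_id"]] = helper["purl"]
    def walk(branches):
        # Branches nest (vendor > product_name > product_version); leaves carry "product".
        for branch in branches:
            if "product" in branch:
                visit(branch["product"])
            walk(branch.get("branches", []))
    walk(product_tree.get("branches", []))
    for product in product_tree.get("full_product_names", []):
        visit(product)
    return purls

def assess(advisory, inventory):
    """Return sorted (cve, purl, status) for every inventory item the advisory names."""
    purls = index_purls(advisory.get("product_tree", {}))
    hits = set()
    for vuln in advisory.get("vulnerabilities", []):
        for status, product_ids in vuln.get("product_status", {}).items():
            for pid in product_ids:
                if purls.get(pid) in inventory:
                    hits.add((vuln.get("cve", "no-cve"), purls[pid], status))
    return sorted(hits)
```

The match here is an exact purl string comparison, and product IDs defined through `product_tree.relationships` are not resolved; a production consumer would normalise identifiers and handle those cases as well.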