CVSS (Common Vulnerability Scoring System) is a scoring system that provides an open framework for determining the impact of information technology vulnerabilities and a format for communicating vulnerability characteristics. The CVSS standard is maintained by FIRST.
SCAP 1.0 and 1.2 policies are compliant with CVSS Version 2.0. Tell me more
CVSS Base Scores: http://nvd.nist.gov/
User Guide: "A Complete Guide to the Common Vulnerability Scoring System Version 2.0" at http://www.first.org/cvss/v2/guide
CVSS information is displayed in the SCAP compliance reports.
See Statement of CVSS Implementation