{"id":27756,"date":"2023-09-12T10:11:43","date_gmt":"2023-09-12T04:41:43","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=27756"},"modified":"2023-12-29T11:59:39","modified_gmt":"2023-12-29T06:29:39","slug":"nist-vulnerability-assessment","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/compliance\/nist\/nist-vulnerability-assessment\/","title":{"rendered":"A Closer Look at NIST Vulnerability Assessment Process"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Protecting sensitive information and securing digital assets now require the use of cybersecurity. Organizations must employ proactive steps to spot and address vulnerabilities as cyber threats continue to become more complex and sophisticated. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Vulnerability assessment is one such method, which is important in cybersecurity risk management. The importance of the National Institute of Standards and Technology (NIST) Vulnerability Assessment Framework in securing security posture will be examined in this blog post.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_NIST_Vulnerability_Assessment\"><\/span>What is NIST Vulnerability Assessment?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When we&#8217;re dealing with a NIST vulnerability assessment framework, we&#8217;re dealing with a process whose main goal is to detect, measure, and prioritize vulnerabilities in the IT infrastructure of an organization. These vulnerabilities come in all shapes and sizes &#8211; from software glitches and hardware malfunctions to misguided configurations and more.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The primary aim of the NIST Vulnerability Assessment is not only to identify existing vulnerabilities but also to serve as a springboard for organizations to enhance their overall cybersecurity stance. This translates into creating a forward-thinking cybersecurity plan that is always one step ahead of potential threats, keeps the organization&#8217;s key assets under lock and key, and minimizes the risk of successful cyber attacks.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2021\/10\/NIST-Methodology-1.png\" alt=\"NIST Methodology for NIST vulnerability assessment\" class=\"wp-image-16081\" srcset=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2021\/10\/NIST-Methodology-1.png 1920w, \/cdn-cgi\/image\/width=1536,height=864,fit=crop,quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2021\/10\/NIST-Methodology-1.png 1536w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Understanding_NIST_Network_Vulnerability_Assessment\"><\/span>Understanding NIST Network Vulnerability Assessment<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">NIST vulnerability assessment is about finding and sorting out security gaps in your IT infrastructure. A bit different from penetration testing, where you know the flaws and try to exploit them. Here, the aim is to find those weak spots first before anyone with ill intent does.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">NIST vulnerability assessment is all about reducing the &#8216;attack surface&#8217; to limit cyber incidents like data leaks or service disruptions. It&#8217;s not a one-time thing; rather a continuous cycle &#8211; discover, document, and fix problems. It is crucial to manage risks in an organization. With threats evolving all the time, constant vigilance is required to stay resilient against all sorts of cybersecurity issues.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Remember though, NIST vulnerability assessments aren&#8217;t a one-size-fits-all solution. It has to be customized for your organization&#8217;s unique needs, specific threats, and risk exposure. And it&#8217;s not just your digital systems &#8211; but everything from networks, and applications to physical security.<\/p>\n\n\n<style>\n\n.astraWebAppWrap{\n  padding:35px;\n  border: 6px;\n  background-image: url('https:\/\/cdn-blog.getastra.com\/2024\/08\/838dc804-smallimgicbg.png');\n  background-size: cover;\n  background-repeat: no-repeat;\n  position: relative;\n  background-position: right;\n  height: 275px;\n  border-radius: 10px;\n  margin: 20px 0px; \n}\n\n.pentestHeading{\n  color: #575757;\n  font-size: 24px;\n  font-weight: 600;\n  color: #575757;\n  max-width: 450px;\n}\n\n.ctaWebAppHead {\n    display: flex;\n    align-items: center;\n    grid-gap: 1rem;\n}\n\n.ctaOne {\n    text-decoration: none;\n    background-color: #2F76F8;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n\n.ctaTwo {\n    text-decoration: none;\n    background-color: #24BC94;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n\n.spanBoldBlue {\n    color: #3078FE;\n    font-weight: 700;\n}\n\n.WebAppImg{\n  position: absolute;\n  bottom: 0px;\n  right: 10px;\n  height: 250px;\n  width: 240px;\n}\n\n@media(max-width: 768px){\n\n}\n\n@media(max-width: 576px){\n   .pentestHeading{\n      font-size: 28px;\n    }\n\n   .WebAppImg{\n     display: none;\n  }\n}\n\n<\/style>\n\n<div class=\"astraWebAppWrap\">\n  <p class=\"pentestHeading\">Make your Web Application <span class=\"spanBoldBlue\">the safest place on the Internet.<\/span><\/p>\n  <p style=\"font-size: 16px; line-height: 1.5;\">With our detailed and specially <br \/> curated Web security checklist.<\/p>\n\n  <div class=\"WebAppHead\">\n    <a href=\"https:\/\/astra.sh\/web-app-security-checklist\" class=\"ctaOne\" target=\"_blank\" rel=\"noopener\">Download Checklist<\/a>\n  <\/div>\n\n  <img decoding=\"async\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/96ad3cf0-girlcta.png\" alt=\"character\" class=\"WebAppImg\" \/>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Understanding_the_NIST_Vulnerability_Assessment_Framework\"><\/span>Understanding the NIST Vulnerability Assessment Framework<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">An organized methodology called the NIST Vulnerability Assessment Framework was created to assist organizations in identifying and resolving any security flaws in their IT infrastructure. By using the framework as a guide, companies can create proactive plans to strengthen their cybersecurity posture and reduce cyber assaults.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The National Institute of Standards and Technology (NIST) is a recognized leader in establishing best security practices and standards for cybersecurity. NIST Vulnerability Assessment Framework contains the following components.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Identification of Assets and Resources\u00a0<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The NIST Vulnerability Assessment Framework&#8217;s first phase entails taking a complete inventory of all assets and resources in your IT environment. This covers software programs, databases, and other network devices in addition to hardware like servers, workstations, routers, and firewalls. You can better safeguard important assets and confidential information through this.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Categorize and Prioritize Assets<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Assets are categorized and prioritized based on their significance and degree of sensitivity to the organization&#8217;s activities. Systems that handle highly sensitive customer data or essential infrastructure are high-priority assets that need to be thoroughly and more frequently analyzed to maintain their security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Vulnerability Scanning and Analysis<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">NIST advises employing automated vulnerability scanning tools as part of the NIST vulnerability assessment process. The IT infrastructure of your company can be thoroughly and precisely scanned using these tools. It spots potential vulnerabilities that could be advantageous for hackers, such as software flaws, improper setups, and out-of-date components. Automated scans enable you to quickly find vulnerabilities and take action to reduce risks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. Vulnerability Remediation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once the vulnerabilities are discovered, the remediation phase must begin immediately to reduce the chance of exploitation. Vulnerability remediation is done by minimizing recognized issues. This could entail putting security patches, changing systems configurations, updating software, or adding more security measures. To reduce the window of opportunity for possible attackers, <a href=\"https:\/\/www.getastra.com\/blog\/compliance\/nist\/nist-vulnerability-scanning\/\" data-type=\"link\" data-id=\"https:\/\/www.getastra.com\/blog\/compliance\/nist\/nist-vulnerability-scanning\/\">NIST vulnerability scanning<\/a> places a significant focus on prompt remediation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations aiming to keep a strong cybersecurity posture should use the NIST Vulnerability Assessment Framework as a basic tool. It encourages a proactive and methodical method of finding and resolving security flaws before cyber adversaries may take advantage of them. The risk of data breaches, service interruptions, and monetary losses due to cyber disasters can be greatly decreased by organizations using this paradigm.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"1080\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2021\/10\/Benefits-of-NIST.png\" alt=\"NIST vulnerability assessment\" class=\"wp-image-16077\" srcset=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2021\/10\/Benefits-of-NIST.png 1920w, \/cdn-cgi\/image\/width=1536,height=864,fit=crop,quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2021\/10\/Benefits-of-NIST.png 1536w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"NIST_Security_Vulnerability_Assessment_Process_Scoring_System\"><\/span><strong>NIST Security Vulnerability Assessment Process Scoring System<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Common Vulnerability Scoring System (CVSS), is a vulnerability assessment methodology in NIST to determine the seriousness of security vulnerabilities. To gauge the effect of a vulnerability on the systems of an organization, CVSS offers a numerical score (from 0 to 10) for each vulnerability. The vulnerability&#8217;s exploitability and the possible repercussions of successful exploitation are only a couple of the many variables that go into determining the score.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations can prioritize vulnerabilities based on their seriousness and potential impact on vital assets by combining CVSS with NIST vulnerability assessment criteria. Because of this, security teams may allocate resources to the greatest dangers first and make well-informed judgments.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>CVSS employs the following metrics for NIST vulnerability assessment:<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>Base Metrics<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Exploitability<\/strong>: Measures how simple it is for an attacker to take advantage of the vulnerability. A vulnerability is more exploitable if it has a higher score, indicating that potential attackers can exploit it more easily.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Impact<\/strong>: Evaluate the possible outcomes of successful exploitation. This statistic takes into account how the affected system or data will be affected in terms of confidentiality, integrity, and availability.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>Temporal Metrics<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Level of Remediation<\/strong>: Indicates whether the vulnerability has official patches or workarounds. The availability of patches or mitigations is indicated by a higher remediation level score.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Report Confidence<\/strong>: Indicates how confident the report author is in its accuracy. A higher score denotes greater certainty about the vulnerability&#8217;s existence and consequences.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>Environmental Metrics<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Modified Base Score<\/strong>: This option lets businesses tailor the vulnerability score to their particular environment. This score can be impacted by elements like the criticality of the vulnerable system and the sensitivity of the data it manages.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Temporal Score<\/strong>: This score modifies the base score based on the remediation level and reports confidence that is unique to the organizational setting.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Combining these criteria, CVSS creates an overall score that aids organizations in deciding how to respond to vulnerabilities in the most effective order. Low (0.0-3.9), Medium (4.0-6.9), High (7.0-8.9), and Critical (9.0-10.0) are the different severity categories for the CVSS scores. Security teams can use this rating system to allocate resources efficiently and swiftly identify important vulnerabilities that need to be fixed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations can maximize their cybersecurity efforts by integrating CVSS with the NIST vulnerability assessment framework. While CVSS improves the assessment process by giving each vulnerability a quantified severity number, the NIST vulnerability assessment framework assists in identifying vulnerabilities through thorough scanning and analysis.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><em><a href=\"https:\/\/cdn-blog.getastra.com\/2021\/06\/Astra-Security-Sample-VAPT-Report.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Checkout Astra&#8217;s Sample Penetration Testing Report (VAPT Report)<\/a><\/em><\/strong><\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"NIST_Vulnerability_Assessment_Framework_Best_Practices\"><\/span><strong>NIST Vulnerability Assessment Framework Best Practices<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To conduct effective vulnerability assessments following NIST vulnerability assessment framework, organizations should adopt the following best practices:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u2705<\/strong> <strong>Establish a Vulnerability Management Program<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Your NIST vulnerability assessment management program should be complete with guidelines, procedures, and standards for everything from assessments to remediation and ongoing check-ins. It&#8217;s crucial that this is well-documented and communicated across your organization &#8211; everyone needs to know their part. Make sure to clearly define everyone&#8217;s roles and responsibilities for a smooth and coordinated approach to vulnerability management.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 <strong>Regularly Update Software and Patch Management<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">You&#8217;ve got to stay on top of software and patch updates. Make sure to apply the latest security patches across all software, applications, and systems. Regular patch management beefs up your security, nixing known vulnerabilities. And this goes for everything, not just your operating systems but your applications, firmware, and any other software that might give attackers a way in.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 <strong>Assess Vulnerabilities Regularly<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Vulnerability assessment isn&#8217;t a one-and-done thing. It&#8217;s a continuous process. Conducting regular assessments (think every three months or so or as needed) helps you catch and fix new vulnerabilities quickly. It keeps you up-to-date on your security situation so that you can respond to new threats promptly. Make it part of your regular security routine, like backups and system updates.<\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><strong>Conclusion<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Vulnerability assessment is a critical component of cybersecurity, allowing organizations to detect and address vulnerabilities before cyber threats exploit them. The NIST Vulnerability Assessment Framework provides a systematic and standardized approach to vulnerability assessments, thereby increasing organizations&#8217; overall security posture. Organizations may proactively defend against cyber threats and secure their precious assets by combining the framework with the Common Vulnerability Scoring System (CVSS) and employing best practices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations must continue to be alert, flexible, and committed to making cybersecurity a priority as the cyber landscape changes to stay one step ahead of hostile actors. Organizations may strengthen their defenses against the constantly changing threat landscape by adopting NIST&#8217;s vulnerability assessment criteria and laying a solid cybersecurity foundation. Organizations may ultimately dramatically improve their cybersecurity resilience and protect their data, systems, and reputation from cyber threats by investing in vulnerability assessment and implementing NIST best practices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQs\"><\/span><strong>FAQs<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1646813429643\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">1. What is the timeline for NIST penetration testing?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>It takes 4-5 days to perform penetration testing and assess the vulnerabilities. Businesses have up to 30 days after the initial test completion to fix the vulnerabilities and achieve NIST compliance. Also, learn about SOC2 compliance.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1646813466773\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">2. How much does NIST network vulnerability assessment cost?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Penetration testing for NIST compliance can cost between $490 and $999 per scan based on your plan. Learn more about penetration testing costs.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1646813877909\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">3. Why choose Astra Pentest for NIST compliance?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Astra\u2019s penetration testing is completely compliance-friendly, be it NIST, PCI DSS, or any other. It fits into your existing processes smoothly and leads you to fast and hassle-free NIST compliance.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1646814008419\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">4. Do I also get rescans after a vulnerability is fixed?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes, you get 2-3 rescans depending on the plan you are on. You can use the rescans within a period of 30 days from initial scan completion even after a vulnerability is fixed.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1694493349429\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">5. What is the NIST vulnerability assessment frequency?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>While every business need is different, it\u2019s best practice to perform network vulnerability scans at least once per quarter. However, vulnerability scans may be required monthly or weekly based on compliance, major changes to infrastructure, and internal network security capabilities. <\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1703831181041\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">6. Difference between NIST risk assessment threat vs. vulnerability?<br><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>According to NIST risk assessments, threats are defined as potential dangers or harmful events that occur through the exploitation of a vulnerability. A vulnerability, however, is a weakness or flaw in design, systems, and or processes that can be exploited to form a threat. <\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Protecting sensitive information and securing digital assets now require the use of cybersecurity. Organizations must employ proactive steps to spot and address vulnerabilities as cyber threats continue to become more complex and sophisticated. Vulnerability assessment is one such method, which is important in cybersecurity risk management. The importance of the National Institute of Standards and &#8230; <a title=\"A Closer Look at NIST Vulnerability Assessment Process\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/compliance\/nist\/nist-vulnerability-assessment\/\" aria-label=\"Read more about A Closer Look at NIST Vulnerability Assessment Process\">Read more<\/a><\/p>\n","protected":false},"author":100,"featured_media":27757,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[701],"tags":[],"class_list":["post-27756","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nist"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/27756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/100"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=27756"}],"version-history":[{"count":4,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/27756\/revisions"}],"predecessor-version":[{"id":30282,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/27756\/revisions\/30282"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/27757"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=27756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=27756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=27756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}