Common Vulnerability Scoring System (CVSS) requirements
CVSS.R.1
The product's documentation (printed or electronic) must state that it uses CVSS and explain relevant details to the users of the product. If external CVSS data is imported into the product, the documentation must state the source.
General overview of CVSS and how Security Analysis leverages thisĀ standard can be found here.