TDA-02.13 ยท Reporting Exploitable Vulnerabilities

Control Description

Mechanisms exist to notify applicable stakeholders about potentially exploitable vulnerabilities in organization-developed Technology Assets, Applications and/or Services (TAAS), as required by statutory, regulatory and/or contractual obligations.

Control Question
Assessment question for control validation

Does the organization notify applicable stakeholders about potentially exploitable vulnerabilities in organization-developed Technology Assets, Applications and/or Services (TAAS), as required by statutory, regulatory and/or contractual obligations?

Control Weighting
8
Validation Cadence
Semi-Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control