IR-6(2)

  • Requirement

    Report system vulnerabilities associated with reported incidents to [Assignment: organization-defined personnel or roles].

  • Discussion

    Reported incidents that uncover system vulnerabilities are analyzed by organizational personnel including system owners, mission and business owners, senior agency information security officers, senior agency officials for privacy, authorizing officials, and the risk executive (function). The analysis can serve to prioritize and initiate mitigation actions to address the discovered system vulnerability.

More Info

  • Title

    Incident Reporting | Vulnerabilities Related to Incidents
  • Family

    Incident Response
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!