RA-5(11)

  • Requirement

    Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.

  • Discussion

    The reporting channel is publicly discoverable and contains clear language authorizing good-faith research and the disclosure of vulnerabilities to the organization. The organization does not condition its authorization on an expectation of indefinite non-disclosure to the public by the reporting entity but may request a specific time period to properly remediate the vulnerability.

More Info

  • Title

    Vulnerability Monitoring and Scanning | Public Disclosure Program
  • Family

    Risk Assessment
  • NIST 800-53B Baseline(s)

    • Low
    • Moderate
    • High
  • Related NIST 800-53 ID

NIST 800-53A Assessment Guidance
