RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)

Warning icon.

Subcategory is withdrawn in the next version of this framework and incorporated into: ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established.


[ Note: Subcategories do not have detailed descriptions.]