IR-6(2): Vulnerabilities Related to Incidents

Control Family:

Incident Response

Parent Control:

IR-6: Incident Reporting

CSF v1.1 References:

RS.CO-2

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
IR-6(2): Vulnerabilities Related To Incidents

Control Statement

Report system vulnerabilities associated with reported incidents to [Assignment: organization-defined personnel or roles].

Supplemental Guidance

Reported incidents that uncover system vulnerabilities are analyzed by organizational personnel including system owners, mission and business owners, senior agency information security officers, senior agency officials for privacy, authorizing officials, and the risk executive (function). The analysis can serve to prioritize and initiate mitigation actions to address the discovered system vulnerability.