💼 ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established
- ID:
/frameworks/nist-csf-v2.0/id-ra/08
Description
- Conduct vulnerability information sharing between the organization and its suppliers following the rules and protocols defined in contracts
- Assign responsibilities and verify the execution of procedures for processing, analyzing the impact of, and responding to cybersecurity threat, vulnerability, or incident disclosures by suppliers, customers, partners, and government cybersecurity organizations
Similar
- Sections
/frameworks/nist-csf-v1.1/rs-an/05/frameworks/nist-sp-800-53-r5/ra/05
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers) | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 RA-5 Vulnerability Monitoring and Scanning | 11 | 1 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS ECR Repository Manual Scanning is enabled🟢 | 1 | 🟢 x6 | no data |