πΌ ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established
- Contextual name: πΌ ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established
- ID:
/frameworks/nist-csf-v2.0/id-ra/08 - Located in: πΌ Risk Assessment (ID.RA)
Descriptionβ
- Conduct vulnerability information sharing between the organization and its suppliers following the rules and protocols defined in contracts
- Assign responsibilities and verify the execution of procedures for processing, analyzing the impact of, and responding to cybersecurity threat, vulnerability, or incident disclosures by suppliers, customers, partners, and government cybersecurity organizations
Similarβ
- Sections
/frameworks/nist-csf-v1.1/rs-an/05/frameworks/nist-sp-800-53-r5/ra/05
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers) | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ RA-5 Vulnerability Monitoring and Scanning | 11 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|