← Back to catalog
IR-6(2)

Vulnerabilities Related to Incidents

Incident Response (IR)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Report system vulnerabilities associated with reported incidents to [assignment].

Discussion

Reported incidents that uncover system vulnerabilities are analyzed by organizational personnel including system owners, mission and business owners, senior agency information security officers, senior agency officials for privacy, authorizing officials, and the risk executive (function). The analysis can serve to prioritize and initiate mitigation actions to address the discovered system vulnerability.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.