Navigate

CCI-004640

CCI-004640 Definition

Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if a public reporting channel is established for receiving reports of vulnerabilities in organizational systems and system components.

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; procedures addressing vulnerability scanning; risk assessment; vulnerability scanning tools and techniques documentation; vulnerability scanning results; vulnerability management records; audit records; public reporting channel; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with vulnerability scanning responsibilities; organizational personnel with vulnerability scan analysis responsibilities; organizational personnel with security responsibilities]. Test: [SELECT FROM: Organizational processes for vulnerability scanning; mechanisms/tools supporting and/or implementing vulnerability scanning; mechanisms implementing the public reporting of vulnerabilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-004640.

Control	Description
RA-5(11)	Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.