Navigate

IR-6 (2)

IR-6 (2): Vulnerabilities Related To Incidents

The organization reports information system vulnerabilities associated with reported security incidents to [Assignment: organization-defined personnel or roles].

Supplemental

None

CIA Levels
Confidentiality	low
Integrity	low
Availability	low

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to IR-6 (2).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of IR-6 (2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to IR-6 (2).

CCI	Definition
CCI-000838	The organization reports information system vulnerabilities associated with reported security incidents to organization-defined personnel or roles.
CCI-002792	The organization defines personnel or roles to whom information system vulnerabilities associated with reported security incident information are reported.