Navigate

• Top
• Description
• Related
• Enhancements
• CCIs

IR-6(2)

IR-6(2): Vulnerabilities Related to Incidents

The organization reports information system vulnerabilities associated with reported security incidents to [organization-defined personnel or roles].

Supplemental

CIA Levels
Confidentiality	high
Integrity	high
Availability	high

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to IR-6(2).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of IR-6(2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to IR-6(2).

CCI	Definition
CCI-000838	Report system vulnerabilities associated with reported incidents to organization-defined personnel or roles.
CCI-002792	Defines personnel or roles to whom system vulnerabilities associated with reported incident information are reported.