RV.2.1—Analyze each vulnerability to gather sufficient information about risk to plan its remediation or other risk response.
Control Description
Analyze each vulnerability to gather sufficient information about risk to plan its remediation or other risk response.
Practice: RV.2
Assess, Prioritize, and Remediate Vulnerabilities
Help ensure that vulnerabilities are remediated in accordance with risk to reduce the window of opportunity for attackers.
Notional Implementation Examples
1. Use existing issue tracking software to record each vulnerability.
2. Perform risk calculations for each vulnerability based on estimates of its exploitability, the potential impact if exploited, and any other relevant characteristics.
Cross-Framework References
Mappings to related frameworks and standards from NIST SP 800-218
- BSA FSS: VM.2
- BSIMM: CMVM1.2, CMVM2.2
- EO 14028: 4e(iv), 4e(viii), 4e(ix)
- IEC 62443: DM-2, DM-3
- ISO 30111: 7.1.4
- NIST Labels: 2.2.2.2
- PCI SSLC: 3.4, 4.2
- SAFECode Agile: Operational Security Task 1; Tasks Requiring the Help of Security Experts 10
- SP 800-160: 3.3.8
- SP 800-161: SA-15(7)
- SP 800-181 (NICE): K0009, K0039, K0070, K0161, K0165, S0078