Information Assurance Vulnerability Management (IAVM)

Information Assurance Vulnerability Management (IAVM) is the DoD's program for managing cybersecurity vulnerabilities across the department. When critical vulnerabilities are discovered, the DoD issues alerts and bulletins through the IAVM program that require affected organizations to patch or mitigate them within specified timeframes.

IAVM notices come in three categories: IAVAs (alerts for critical vulnerabilities requiring urgent action), IAVBs (bulletins for significant vulnerabilities), and IAVTs (technical advisories for awareness). Each has mandated response timelines that must be tracked and reported.

Why It Matters

IAVM compliance is tracked and inspected during CORA assessments. Missing IAVM deadlines results in compliance findings. Having a reliable patch management process ensures you can meet IAVM timelines consistently.