NIST 800-53 REV 5 • INCIDENT RESPONSE
IR-6(2) — Vulnerabilities Related to Incidents
Report system vulnerabilities associated with reported incidents to {{ insert: param, ir-06.02_odp }}.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Reported incidents that uncover system vulnerabilities are analyzed by organizational personnel including system owners, mission and business owners, senior agency information security officers, senior agency officials for privacy, authorizing officials, and the risk executive (function). The analysis can serve to prioritize and initiate mitigation actions to address the discovered system vulnerability.
Practitioner Notes
When an incident reveals a vulnerability, whether in software, configuration, or process, that vulnerability needs to be reported to the personnel or roles the organization designates for this control, so it is remediated everywhere it exists and tracked to closure, not just patched on the compromised host and forgotten.
Example 1: After every incident, conduct a root cause analysis that identifies any underlying vulnerabilities, including ones the organization already knew about but had deprioritized. Record each one in the vulnerability management tool (Tenable, Qualys, or Rapid7, for example) and assign it for remediation. Because the incident is evidence that the weakness is exploitable in your environment, rank it at least as high as the incident severity rather than relying on the scanner's generic score alone.
Example 2: Create a post-incident vulnerability report template that captures the CVE (if one exists; configuration and process weaknesses usually have none), affected systems, how the weakness was exploited, indicators that would reveal further exploitation, and recommended fixes. Submit it to the designated personnel and the patch management team, track remediation through your change management process, and confirm closure by re-scanning or re-testing the affected systems rather than by ticket status alone.