
THR-06 Vulnerability Disclosure Program (VDP)

Weight: 8

Control Description

Mechanisms exist to establish a Vulnerability Disclosure Program (VDP) to assist with the secure development and maintenance of Technology Assets, Applications and/or Services (TAAS) that receives unsolicited input from the public about vulnerabilities in organizational TAAS.

Cross-Framework Mappings

NIST SP 800-53 r5

PCI DSS v4.0.1

CIS Controls v8

FedRAMP Rev 5

EU CRA Annexes

CIS Controls v8.1 (Detailed)

NIST SP 800-218 SSDF

Data Privacy Management Principles

CISA CPG

CISA SSDAF

Executive Order 14028
