ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established
Ex1: Conduct vulnerability information sharing between the organization and its suppliers following the rules and protocols defined in contracts
Ex2: Assign responsibilities and verify the execution of procedures for processing, analyzing the impact of, and responding to cybersecurity threat, vulnerability, or incident disclosures by suppliers, customers, partners, and government cybersecurity organizations
Tier
Description
Processes for receiving, analyzing, and responding to vulnerability disclosures are established