Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.

| | |
| --- | --- |
| Control Identifier | RA-5(11) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | The reporting channel is publicly discoverable and contains clear language authorizing good-faith research and the disclosure of vulnerabilities to the organization. The organization does not condition its authorization on an expectation of indefinite non-disclosure to the public by the reporting entity but may request a specific time period to properly remediate the vulnerability. |
| Related Controls | None. |