UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

DODD 8531.01

DOD VULNERABILITY MANAGEMENT

active, Most Current
Organization: DODD
Publication Date: 15 September 2020
Status: active
Page Count: 24
scope:

Purpose:

In accordance with the authority in DoD Directive 5144.02, this issuance:

• Establishes policy, assigns responsibilities, and provides procedures for DoD vulnerability management and response to vulnerabilities identified in all software, firmware, and hardware within the DoD information network (DODIN).

• Establishes a uniform DoD Component-level cybersecurity vulnerability management program based on federal and DoD standards.

• Establishes policy and assigns responsibilities for the DoD Vulnerability Disclosure Program (VDP).

• Establishes policy, assigns responsibilities, and provides procedures for DoD's participation in the Vulnerabilities Equities Process (VEP), in accordance with the Vulnerabilities Equities Policy and Process for the U.S. Government (USG).

Document History

DODD 8531.01
September 15, 2020
DOD VULNERABILITY MANAGEMENT
Purpose: In accordance with the authority in DoD Directive 5144.02, this issuance: • Establishes policy, assigns responsibilities, and provides procedures for DoD vulnerability management and...

References

This document references:
DODD 5144.02(D) CE-01 - DoD Chief Information Officer (DoD CIO)
Published by DODD on September 19, 2017
PURPOSE. Under the authority vested in the Secretary of Defense by section 113 of Title 10, United States Code (U.S.C.) (Reference (a)), this directive: a. Assigns the responsibilities, functions,...
This document references:
DODD 5000.02 - Operation of the Defense Acquisition System
Published by DOD on August 31, 2018
PURPOSE. This instruction: a. In accordance with the authority in DoD Directive (DoDD) 5000.01 (Reference (a)) and DoDD 5134.01 (Reference (cm)), reissues the interim DoD Instruction 5000.02...
This document references:
DODD 5144.02(D) CE-01 - DoD Chief Information Officer (DoD CIO)
Published by DODD on September 19, 2017
PURPOSE. Under the authority vested in the Secretary of Defense by section 113 of Title 10, United States Code (U.S.C.) (Reference (a)), this directive: a. Assigns the responsibilities, functions,...
This document references:
DODD 5505.13E(D) CE-01 - DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3)
Published by DODD on July 27, 2017
PURPOSE. This Directive: a. Directs the establishment of DC3 as an entity within the Department of the Air Force and establishes the functions of DC3. b. Designates the Secretary of the Air Force...
This document references:
DODD 8310.01 CE-01 - Information Technology Standards in the DoD
Published by DODD on July 31, 2017
PURPOSE. In accordance with the authority in DoD Directive (DoDD) 5144.02 (Reference (a)) and the guidance in DoDD 8000.01 (Reference (b)), this instruction: a. Establishes policy, assigns...
This document references:
DODD 8320.03 - Unique Identification (UID) Standards for Supporting the DoD Information Enterprise
Published by DOD on August 31, 2018
PURPOSE. This instruction: a. Reissues DoD Directive (DoDD) 8320.03 (Reference (a)) as a DoD instruction (DoDI) in accordance with the authority in DoDD 5134.01 (Reference (b)) to establish policy...
This document references:
DODD 8320.04 - Item Unique Identification (IUID) Standards for Tangible Personal Property
Published by DOD on August 31, 2018
PURPOSE. In accordance with the authority in DoD Directive 5134.01 (Reference (a)), this instruction: a. Reissues DoD Instruction (DoDI) 8320.04 (Reference (b)) to establish policy and assign...
This document references:
DODD 8500.01 CE-01 - Cybersecurity
Published by DODD on October 7, 2019
PURPOSE. This instruction: a. Reissues and renames DoD Directive (DoDD) 8500.01E (Reference (a)) as a DoD Instruction (DoDI) pursuant to the authority in DoDD 5144.02 (Reference (b)) to establish a...
This document references:
NIST SP 800-30 - Guide for Conducting Risk Assessments
Published by NIST on September 1, 2012
PURPOSE AND APPLICABILITY The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance in...
View Less
View All
Advertisement