RA.L2-3.11.2[c] — Risk Assessment (Vulnerability Assessments)
Domain: Risk Assessment (RA) | Practice: RA.L2-3.11.2 | Objective ID: 3.11.2[c]
Assessment Objective: Vulnerability assessment results are shared with relevant personnel.
Summary
RA.L2-3.11.2[c] requires that vulnerability assessment results be communicated to the personnel responsible for remediation and security decisions. Proper distribution ensures accountability and timely response.
Key Requirements
- Documented communication process for vulnerability findings.
- Evidence of distribution to system owners, security teams, and management.
- Acknowledgment of receipt from responsible parties.
- Escalation procedures for critical vulnerabilities.
- Follow-up tracking on remediation.
NDS Support
NDS workflow tools help automate distribution and tracking of vulnerability assessment results to relevant stakeholders.