An information assurance vulnerability alert (IAVA) is an announcement of a computer application software or operating system vulnerability notification in the form of alerts, bulletins, and technical advisories identified by DoD-CERT, a division of the United States Cyber Command. These selected vulnerabilities are the mandated baseline, or minimum configuration of all hosts residing on the GIG. USCYBERCOM analyzes each vulnerability and determines if it is necessary or beneficial to the Department of Defense to release it as an IAVA. Implementation of IAVA policy will help ensure that DoD Components take appropriate mitigating actions against vulnerabilities to avoid serious compromises to DoD computer system assets that would potentially degrade mission performance.
The combatant commands, services, agencies and field activities are required to implement vulnerability notifications in the form of alerts, bulletins, and technical advisories. USSTRATCOM via its sub-unified command USCYBERCOM has the authority to direct corrective actions, which may ultimately include disconnection of any enclave, or affected system on the enclave, not in compliance with the IAVA program directives and vulnerability response measures (i.e. communication tasking orders or messages). USSTRATCOM and USCYBERCOM will coordinate with all affected organizations to determine operational impact to the DoD before instituting a disconnection.
No comments:
Post a Comment