- Policy dictates an Information Assurance Vulnerability Alert (IAVA) mandating updates to the configuration of an asset.
- IAVAs are distributed to system administrators as they become available, dictating fixes that need to be made to systems based on newly identified vulnerabilities.
- The system administrator is responsible for checking which IAVAs are relevant to the systems being managed.
- The system administrator must patch the systems or make the desired configuration changes as per the IAVA, or come up with a plan for when the desired changes will be made, called a Plan of Action & Milestones (POA&M).
- Often the response to a particular IAVA is to patch installed software. The system administrator must download and install patch information from the patch server.
- IAVA results are manually reported into VMS.
- The Information Assurance Vulnerability Management (IAVM) System is used to generate Alerts (IAVAs) based on vulnerabilities.
- For each IAVA there is a corresponding machine-readable IAVA check that can be delivered and automatically executed.
- The automated IAVA check will identify systems to which the IAVM applies.
- The results will be used to make a Remediation Course of Action decision (patch, fix, mitigate, accept risk).
- The Remediation Course of Action is conducted and results are automatically reported.