RA-5(11) Vulnerability Monitoring and Scanning | Public Disclosure Program | Risk Assessment (RA) | Cybersecurity Controls Standards Catalog | Office of Information Security | Information Technology

Information Technology
Office of Information Security
Cybersecurity Controls Standards Catalog
Risk Assessment (RA)
RA-5(11) Vulnerability Monitoring and Scanning | Public Disclosure Program

Description

The reporting channel is publicly discoverable and contains clear language authorizing good-faith research and the disclosure of vulnerabilities to the organization. The organization does not condition its authorization on an expectation of indefinite non-disclosure to the public by the reporting entity but may request a specific time period to properly remediate the vulnerability.

Applicability

The Chief Information Security and Privacy Officer (CISPO) is responsible for implementing this control.

Implementation

TAMU-CC shall establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.

Revision History

Last Updated: February 21, 2025

Previous Versions:

June 29, 2023
May 31, 2022
March 25, 2021
September 16, 2019

See All News

Black History Month
- 02.27
Read More
Islander Homecoming 2025
- 02.27
Read More

See All Events