Text of Recommendation | Improve the product vulnerability assessments for mission-critical ICT products by incorporating necessary information from the vendor threat assessments, evaluating vulnerabilities and the ease of exploitability by a threat actor, identifying whether specific mitigations exist to address product vulnerabilities, and assigning a vulnerability rating to each vulnerability identified, to better align the product vulnerability assessment with IC Standard 731-04. |
---|---|
Recommendation Number | 8 |
Recommendation Status | Open |
Significant Recommendation | No |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Additional Information | Accurate as of February 29, 2024. Also available on the DOJ OIG's website at the following link. |
Additional Details Link |
Submitting OIG | |
---|---|
Linked Report |