FRD-IRVformerly FRD-ALL-24

Internet-Reachable Vulnerability (IRV)

Definition

A vulnerability in a machine-based information resource that might be exploited or otherwise triggered by a payload originating from a source on the public internet; this includes machine-based information resources that have no direct route to/from the internet but receive payloads or otherwise take action triggered by internet activity.

Also Referred To As

internet-reachable vulnerabilityinternet-reachable vulnerabilitiesIRVIRVsNIRVNIRVs

Used in FedRAMP KSI Requirements

This term appears in FedRAMP Key Security Indicator statements. Understanding its precise definition is critical for accurate self-assessment.

Browse KSI themes →

Back to Glossary Open Assessment Tool →