FRD-ODVformerly FRD-ALL-30

Overdue Vulnerability

Definition

A vulnerability that the provider intends to fully mitigate or remediate but has not or will not do so within the time frames recommended or required by FedRAMP.

Also Referred To As

overdue vulnerabilityoverdue vulnerabilities

Used in FedRAMP KSI Requirements

This term appears in FedRAMP Key Security Indicator statements. Understanding its precise definition is critical for accurate self-assessment.

Browse KSI themes →

Back to Glossary Open Assessment Tool →