Last commit: Mar 17, 2026 · Verified current as of Mar 30, 2026
v0.9.42-beta
FRD-VUL (formerly FRD-ALL-20)

Vulnerability

Definition

Has the meaning given to "security vulnerability" in 6 USC § 650 (25), which is "any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of [...] management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentiality, integrity, and availability of an information system or its information." This includes gaps in Rev5 controls and 20x Key Security Indicators, software vulnerabilities, misconfigurations, exposures, weak credentials, insecure services, and all other such potential weaknesses in protection (intentional or unintentional).

Also Referred To As

vulnerability, vulnerabilities

Authoritative Source

6 USC § 650 (25)

Used in FedRAMP KSI Requirements

This term appears in FedRAMP Key Security Indicator statements. Understanding its precise definition is critical for accurate self-assessment.
