What is an IAVM? | DoD RMF
IAVM Notices are posted on a USCYBERCOM website and are also entered into the Vulnerability Management System (VMS), which is operated by the Defense Information Systems Agency (DISA). IAVM stands for Information Assurance Vulnerability Management. The IAVM program publishes three types of alerts:
- IA Vulnerability Alerts (IAVA) address severe network vulnerabilities resulting in immediate and potentially severe threats to DoD systems and information. Corrective action is of the highest priority due to the severity of the vulnerability risk.
- IA Vulnerability Bulletins (IAVB) address new vulnerabilities that do not pose an immediate risk to DoD systems, but are significant enough that noncompliance with the corrective action could escalate the risk.
- Technical Advisories (TA) address new vulnerabilities that are generally categorized as low risk to DoD systems.
In essence, IAVM is the program responsible for disseminating information that addresses vulnerabilities. IAVM alerts can be sent to users' email addresses so that they can access the vulnerability information once the alerts are published.
IAVMs are generally published on Tuesdays or Thursdays.