Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated.


CONTROL ID
13859
CONTROL TYPE
Technical Security
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Correct or mitigate vulnerabilities., CC ID: 12497

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Handling of significant incidents and conditions which constitute exceptions to regular operations, such as the failure of critical IT systems (Section 4 UP-01 Basic requirement ¶ 1 Bullet 4, Cloud Computing Compliance Controls Catalogue (C5))
  • The organization has a formal exception management process for vulnerabilities that cannot be mitigated due to business-related exceptions. (PR.IP-12.3, CRI Profile, v1.2)
  • The organization has a formal exception management process for vulnerabilities that cannot be mitigated due to business-related exceptions. (PR.IP-12.3, Financial Services Sector Cybersecurity Profile, Version 1.0.0)