Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Information Assurance Vulnerability Management Report

by Cody Dumont
March 3, 2015

Agencies and organizations that must report to US Cyber Command (USCYBERCOM) must be able to identify vulnerabilities identified by the Information Assurance Vulnerability Management (IAVM) Notices. IAVM Notices are published at several levels with differing priority categories. This report provides a detailed list of the vulnerabilities identified from 2002 – 2015.

The report is available in the Tenable.sc Center Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • Tenable.sc 4.8.2
  • Nessus 8.5.1
  • NNM 5.9.0

According to the US Secretary of Defense, the IAVM employs positive control mechanisms to mitigate potentially critical software vulnerabilities through the rapid development and dissemination of actions. The IAVM Notices are posted on a USCYBERCOM website and also entered into the Defense Information Systems Agency (DISA) operated Vulnerability Management System (VMS).  Tenable receives weekly updates and correlates the alerts to plugins for integration into Tenable.sc Continuous View (CV).  The IAVM publishes three types of alerts: 

  • IA Vulnerability Alerts (IAVA) address severe network vulnerabilities resulting in immediate and potentially severe threats to DoD systems and information. Corrective action is of the highest priority due to the severity of the vulnerability risk.
  • IA Vulnerability Bulletins (IAVB) address new vulnerabilities that do not pose an immediate risk to DoD systems, but are significant enough that noncompliance with the corrective action could escalate the risk.
  • Technical Advisories (TA) address new vulnerabilities that are generally categorized as low risk to DoD systems. 

This report provides an executive summary chapter that contains several summary charts and tables. The following chapters contain details for the individual years starting with 2012 – 2015. The last chapter is a combined chapter with vulnerabilities with IAVM alerts released from 2002 – 2011. Each detail chapter contains a network summary chart, showing the most vulnerable subnets, followed by an IAVM summary chart showing the top most severe vulnerabilities. The chapters also provide the vulnerability summary, affected hosts, applicable IAVM alerts, and remediation summary.

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Tenable.sc CV allows for the most comprehensive and integrated view of network health. By combining data from active scanning (Nessus Vulnerability Scanner), passive detection (Nessus Network  Monitor), and log analysis (Log Correlation Engine), Tenable.sc CV supports vulnerability detection for more technologies than any other vendor; including vulnerabilities for operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure.

Chapters

Executive Summary - This chapter provides an executive view of IAVM related vulnerabilities within the network. The chapter begins with two matrices providing a high level view of IAVM vulnerabilities detected by vendor and calendar year. Next, the critical and high severity vulnerabilities are summarized. The remaining components provide a summary by plugin family and a 25-day trend graph.  

 IAVM 2015 Details – This chapter provides the vulnerability details for the IAVM alerts released in 2015. The chapter begins with two summary components showing the most vulnerable networks and most common IAVM alerts. An iterator for IAVM vulnerabilities detected in 2015 follows the summary information. For each vulnerability detected, a list of applicable IAVM alerts, remediation tasks, and affected hosts is provided. 

IAVM 2014 Details – This chapter provides the vulnerability details for the IAVM alerts released in 2014. The chapter begins with two summary components showing the most vulnerable networks and most common IAVM alerts. An iterator for IAVM vulnerabilities detected in 2014 follows the summary information. For each vulnerability detected, a list of applicable IAVM alerts, remediation tasks, and affected hosts is provided.

IAVM 2013 Details – This chapter provides the vulnerability details for the IAVM alerts released in 2013. The chapter begins with two summary components showing the most vulnerable networks and most common IAVM alerts. An iterator for IAVM vulnerabilities detected in 2013 follows the summary information. For each vulnerability detected, a list of applicable IAVM alerts, remediation tasks, and affected hosts is provided.

IAVM 2012 Details – This chapter provides the vulnerability details for the IAVM alerts released in 2012. The chapter begins with two summary components showing the most vulnerable networks and most common IAVM alerts. An iterator for IAVM vulnerabilities detected in 2012 follows the summary information. For each vulnerability detected, a list of applicable IAVM alerts, remediation tasks, and affected hosts is provided.

IAVM Details Prior to 2012 – This chapter provides the vulnerability details for the IAVM alerts released prior to 2012. The chapter begins with two summary components showing the most vulnerable networks and most common IAVM alerts. An iterator for IAVM vulnerabilities detected prior to 2012 follows the summary information. For each vulnerability detected, a list of applicable IAVM alerts, remediation tasks, and affected hosts is provided.

 

Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.