DoDI 8531.01, DoD Vulnerability Management : Department of Defense , September 15 , 2020
From the document: "The DoD will: a. Use the DoD vulnerability management process to manage and respond to vulnerabilities identified in all software, firmware, and hardware within the DODIN. b. Ensure configuration, asset, remediation, and mitigation management supports vulnerability management within the DODIN in accordance with DoD Instruction (DoDI) 8510.01. c. Support all systems, subsystems, and system components owned by or operated on behalf of DoD with efficient vulnerability assessment techniques, procedures, and capabilities. In leased systems, enforcement is included in contract language to mitigate vulnerabilities consistent with DoD policies. d. Maintain the requirements for DoD participation in the VEP and ensure DoD and OSD Components submit a vulnerability to the VEP that is both a newly discovered vulnerability and not publicly known vulnerability, as soon as practicable."
Authors - Department of DefenseRelated Resources