Information Assurance Vulnerability Alert (IAVA)
The DOD-CERT Information Assurance Vulnerability Alert (IAVA) system is used in U.S. Department of Defense organizations to standardize the announcement and remediation of critical vulnerabilities. This system also includes time sensitive assessment, remediation, and reporting requirements for organizations within the DoD, as well as other governmental and commercial entities that have direct contractual commitments or technology interoperability with DoD networks and systems. As such, the span of impact of an IAVA announcement can be far reaching.
How SAINT Supports the IAVA System
SAINT provides customers with IAVA codes through our continuous collection, evaluation, and integration of vulnerability codes, checks, and tutorial content. IAVA content is obtained from publicly available information via Defense Information Security Agency’s (DISA), Security Technical Implementation Guides (STIGs) website. This information is then synthesized by our analysts and distributed to customers via our bi-weekly SAINTexpress release process. Once these updates are applied to your installation, IAVA codes are then mapped to vulnerabilities identified through any scanning policy and made available for analysis, reporting, and exporting for external use.