🔍
← Back to Standards

ISO/IEC 30111

Vulnerability handling processes

Organization: ISO/IEC Category: Vulnerability Management
2
Related Articles
9
Articles with Obligations
7
Key Sections
8
Coverage Areas

Overview

Specifies requirements for how vendors should handle vulnerabilities internally, from receipt through remediation and verification. Complements ISO 29147 on disclosure.

Applicability

Internal vulnerability handling and remediation processes

Relevance to Cyber Resilience Act (CRA)

Core standard for CRA vulnerability handling obligations and patch management

Key Coverage Areas

1
Vulnerability intake and triage
2
Vulnerability analysis and validation
3
Remediation development
4
Security patch management
5
Vulnerability tracking
6
Verification and testing
7
Post-remediation monitoring
8
Metrics and reporting

Standard Sections & Chapters

5

Vulnerability handling process

6

Metrics and measurement

5.1

Receiving vulnerability information

5.2

Vulnerability assessment

5.3

Remediation

5.4

Verification

5.5

Release

Related Cyber Resilience Act (CRA) Articles

Article 16: Establishment of a single reporting platform

View Article →
Sections: 5.1, 5.2, 5.3, 5.4, 5.5

Internal vulnerability handling processes

Implementation Guidance:

Implement end-to-end vulnerability handling from intake to remediation and verification

Mapped Obligations:

  • ENISA must establish and maintain a single reporting platform for vulnerability and incident notifications

Article 17: Other provisions related to reporting

View Article →
Sections: 5.5, 6

Patch release and vulnerability metrics

Implementation Guidance:

Establish processes for timely security patch releases and track metrics

Mapped Obligations:

  • ENISA must add publicly known vulnerabilities to the European vulnerability database after fixes are available

Quick Information

Organization
ISO/IEC
Category
Vulnerability Management
Certification
Not available

Related Pages

← All Cyber Resilience Act (CRA) Standards View All Articles Compliance Guide
Get Implementation Help

🤝 Still Feeling Overwhelmed?

EU cybersecurity laws can be complex. Our free tools and guides work great for most people, but if you're dealing with something particularly challenging or have tight deadlines, we're here to help.

Talk to an expert → or Browse all our free resources →