SECURITY ALERTS, ADVISORIES, AND DIRECTIVES - 5355.2

Policy: Each state entity shall receive information asset security alerts, advisories, and directives from various legitimate external sources and shall act on those to mitigate state entity risk, including generating internal security alerts, advisories, and directives as deemed necessary.

Implementation Controls:  NIST SP 800-53: System and Information Integrity (SI); Supply Chain Risk Management (SR)