The DoD information system vulnerabilities are alerted with messages called Information Assurance Vulnerability Alerts (IAVA). Â Vulnerabilities are evaluated to see what impact (if any) the might have and sent out by to all branches and units withing the organization. Â This is done in accordance with DoDD 8500.1, Information Assurance directive.
Implementation of security-related software patches directed through the DoD IAVA program shall not be delayed pending evaluation of changes that may result from the patches. — DoDI 8500.2 Compliance with DoD-directed solutions, such as USSTRATCOM Command Tasking Orders (CTOs), Information Assurance Vulnerability Alerts (IAVAs), and Information Operation Conditions (INFOCONs) shall be a management review item. — DoDI 8500.2
Information assurance vulnerability alert are technical advisories, alerts and vulnerabilities of applications, operating systems, and servers identified by DoD Computer Emergency Response Team which is a division of the United States Cyber Command.  Â
Information Assurance Vulnerability Management (IAVM) is the process of the getting the IAVAs out to all Combatant Commands/Services/Agencies/Field Activities (CC/S/A/FAs). Specifically, the IAVM process:
- Establishes positive control of the Department of Defense (DoD) Information Assurance Vulnerability Alert (IAVA) system
- Provides access to vulnerability notifications that require action
- Requires acknowledgement of action messages
- Requires compliance and reporting status
- Tracks compliance and reporting
- Conducts random compliance checks