Accepted Vulnerability
Also: accepted vulnerability, accepted vulnerabilities
Definition
Verbatim from FedRAMP/rules
A vulnerability that the provider does not intend to fully mitigate or remediate, OR that has not or will not be fully mitigated or remediated within the maximum overdue period in FedRAMP Vulnerability Detection and Response rules.
Used in 4 rule requirements
This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.
Change history
2026-07-04Initial reset for the Consolidated Rules for 2026 Public Preview.