Skip to main content
WhyHow It WorksFeaturesPricingBlog
Sign inRequest demo
FRD-IRVVulnerabilityImplementation guide coming soon

Internet-Reachable Vulnerability (IRV)

Also: internet-reachable vulnerability, internet-reachable vulnerabilities, IRV, IRVs, NIRV, NIRVs

Definition

Verbatim from FedRAMP/rules

A vulnerability in a machine-based information resource that might be exploited or otherwise triggered by a payload originating from a source on the public internet.

Notes

  • This includes machine-based information resources that have no direct route to/from the internet but receive payloads or otherwise take action triggered by internet activity.
  • Internet-reachability applies only to the specific vulnerable machine-based information resources processing the payload.
  • The opposite of this is a Not Internet-reachable Vulnerability (NIRV).

Used in 3 rule requirements

This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.

VDR-EVA-EIRVDR-RPT-AVIVDR-RPT-VDT

Change history

  • 2026-07-04Initial reset for the Consolidated Rules for 2026 Public Preview.

Source of truth: FedRAMP/rules. Definitions are published verbatim; Boundera adds cross-references and implementation context.