Overdue Vulnerability
Also: overdue vulnerability, overdue vulnerabilities
Definition
Verbatim from FedRAMP/rules
A vulnerability that the provider intends to fully mitigate or remediate but has not or will not do so within the time frames recommended or required by FedRAMP.
Used in 1 rule requirement
This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.
Change history
2026-07-04 Initial reset for the Consolidated Rules for 2026 Public Preview.