IAVA

An Information Assurance Vulnerability Alert (IAVA) is the highest-priority IAVM notice, issued for critical vulnerabilities that require immediate attention. IAVAs typically mandate that affected systems be patched or mitigated within 21 days (or sometimes sooner for the most critical issues).

IAVAs represent vulnerabilities that pose a serious risk to DoD systems if left unpatched — often actively exploited vulnerabilities or those affecting widely deployed technologies. Compliance with IAVA mandates is tracked at the command level and reported upward.