`Data.gov & 18F shares information obtained from the vulnerability scanning process and security control assessments with designated System Owners, DevOPs, GSA SecOps, ISSM and the Authorizing Official (AO) to help eliminate similar vulnerabilities in other information systems (i.e., systemic weaknesses or deficiencies).
The Data.gov, 18F ISSO, ISSM, System Program Manager, System Owners submits and reports all unmitigated vulnerabilities quarterly as part of the POA&M to the GSA OCISO (unless scanned by GSA enterprise vulnerability scanning solution).``