Incident response
Xylem maintains a coordinated vulnerability disclosure (CVD) policy to support responsible reporting of security issues. Our product security incident response team (PSIRT) handles intake, triage, remediation, and disclosure in alignment with the EU Cyber Resilience Act. Xylem is also an approved CVE Numbering Authority (CNA) for its products and technologies.
Triage
Xylem PSIRT acknowledges reported vulnerabilities and begins triage. If valid, a risk assessment is conducted based on technical severity, business impact, and product.
Remediation
A remediation plan will then be determined based on the risk of the vulnerability and can include patches, updates, configuration changes, or compensating controls.
Disclosure / security advisory
Once a remediation plan is ready, Xylem PSIRT coordinates disclosure through customer notifications, security advisories, or DHS CISA as appropriate.
Sensus product security
Sensus regularly provides customers with information on threats and risks to the AMI industry and our solutions, helping them stay informed and aware of emerging security issues.
Managing cyber risk in the water sector
Keeping water infrastructure safe and efficient requires smart cybersecurity and quick response. Our approach helps protect systems from cyber risks.
External threat information sources
ISAC
- Membership in the Water Information Sharing and Analysis Center (ISAC), the international security network created by and for the water and wastewater sector. As a cybersecurity partner, you can learn more about security preparedness at www.waterisac.org.
CISA
NIST
- Cybersecurity activities overview
- National Cybersecurity Center of Excellence
- National Vulnerability Database
- Cybersecurity Framework
European sources
Stay informed on security updates
Subscribe to our newsletter or sign up for notifications about the latest Xylem security advisories.