From the document: "The DoD will: a. Use the DoD vulnerability management process to manage and respond to vulnerabilities identified in all software, firmware, and hardware within the DODIN. b. Ensure configuration, asset, remediation, and mitigation management supports vulnerability management within the DODIN in accordance with DoD Instruction (DoDI) 8510.01. c. Support all systems, subsystems, and system components owned by or operated on behalf of DoD with efficient vulnerability assessment techniques, procedures, and capabilities. In leased systems, enforcement is included in contract language to mitigate vulnerabilities consistent with DoD policies. d. Maintain the requirements for DoD participation in the VEP and ensure DoD and OSD Components submit a vulnerability to the VEP that is both a newly discovered vulnerability and not publicly known vulnerability, as soon as practicable."