Continuous Vulnerability Management
Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise's infrastructure, in order to remediate them and minimize the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information.
Why Is This Control Critical?
Cyber defenders are constantly challenged by attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders must have timely threat information available to them, such as software updates, patches, security advisories, and threat bulletins, and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring a sustained investment of time, attention, and resources.
Safeguards (7)
| ID | Title | Asset Type | Function | Implementation Groups |
|---|---|---|---|---|
| 7.1 | Establish and Maintain a Vulnerability Management Process | Applications | Protect | IG1, IG2, IG3 |
| 7.2 | Establish and Maintain a Remediation Process | Applications | Respond | IG1, IG2, IG3 |
| 7.3 | Perform Automated Operating System Patch Management | Applications | Protect | IG1, IG2, IG3 |
| 7.4 | Perform Automated Application Patch Management | Applications | Protect | IG1, IG2, IG3 |
| 7.5 | Perform Automated Vulnerability Scans of Internal Enterprise Assets | Applications | Identify | IG2, IG3 |
| 7.6 | Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets | Applications | Identify | IG2, IG3 |
| 7.7 | Remediate Detected Vulnerabilities | Applications | Respond | IG2, IG3 |