
VM-01 Vulnerability Scans

>Control Description

Organization conducts vulnerability scans against the production environment; scan tools are updated prior to running scans.

Theme

Process

Type

Detective

Policy/Standard

Vulnerability Management Policy

>Implementation Guidance

1. Ensure that the requirements for periodic vulnerability scans are defined and documented.
2. Ensure a process is established for updating the scanning tool version prior to running the scan.

>Testing Procedure

1. Review the Vulnerability Management policy and/or standard to validate that it defines requirements for periodic vulnerability scans.
2. Inspect scanning tool version information to ensure it is up to date.
3. Validate evidence for a sample of service production hosts/accounts to ensure that vulnerability scans are conducted and tickets are created as appropriate.

>Audit Artifacts

E-VM-01
E-VM-02
E-VM-03

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
