VM-22 Vulnerability Remediation

>Control Description

Organization assigns a risk rating to identified vulnerabilities and prioritizes remediation of legitimate vulnerabilities according to the assigned risk.

Theme: Process

Type: Corrective

Policy/Standard: Vulnerability Management Policy

>Implementation Guidance

1. Ensure a process has been defined and documented for assigning a risk rating to all identified vulnerabilities.
2. Ensure vulnerabilities are remediated and prioritized as per the risk rating.

>Testing Procedure

1. Inspect and validate whether a process has been defined and documented for assigning a risk rating to all identified vulnerabilities.
2. Validate for a sample of vulnerabilities whether they were remediated as per their risk rating.

>Audit Artifacts

E-VM-01
E-VM-20

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
