6.3.1—Security vulnerabilities are identified and managed as follows: New security vulnerabilities are identified using industry-recognized sources for security vulnerability information, including alerts from international and national computer emergency response teams (CERTs).
Requirement Description
Security vulnerabilities are identified and managed as follows: New security vulnerabilities are identified using industry-recognized sources for security vulnerability information, including alerts from international and national computer emergency response teams (CERTs). Vulnerabilities are assigned a risk ranking based on industry best practices and consideration of potential impact. Risk rankings, at a minimum, identify all vulnerabilities considered to be high-risk or critical to the environment. Vulnerabilities in bespoke and custom software, and in third-party software (for example, operating systems and databases), are covered.
Applicability Notes
This requirement is not achieved by, and is in addition to, performing vulnerability scans according to Requirements 11.3.1 and 11.3.2. Scanning finds weaknesses already present in the environment; this requirement is for a process to actively monitor industry sources for vulnerability information as it is published and for the entity to determine the risk ranking to be associated with each vulnerability.
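The ranking step is where most implementations of this requirement become vague, so here is an added example (illustration only, not PCI SSC text) of how an entity can turn published advisories into environment-specific risk rankings. It assumes a constructed advisory feed already normalised into a simple record shape (real CERT or NVD feeds have their own schemas), a constructed inventory of in-scope software, and uses the CVSS v3.x qualitative severity ranges as the "industry best practice" baseline, then raises the rank for "potential impact" factors the entity knows and the feed does not: whether the component is in the cardholder data environment, is internet-facing, and whether exploitation is already reported. Advisory identifiers and product names are made up.

```python
"""Risk-rank newly published vulnerabilities against a software inventory.

Added illustration for PCI DSS 6.3.1, not PCI SSC material. The advisory
records and inventory below are constructed; the record shape is an
assumption (CERT alerts, vendor bulletins and the NVD each have their own
schema and would be normalised into this shape first).
"""
from dataclasses import dataclass

# CVSS v3.x qualitative severity ranges as published by FIRST.
CVSS_BANDS = (
    (9.0, "critical"),
    (7.0, "high"),
    (4.0, "medium"),
    (0.1, "low"),
)
RANK_ORDER = ["none", "low", "medium", "high", "critical"]


@dataclass
class Advisory:
    vuln_id: str              # identifier as published by the source
    source: str               # which industry source reported it
    product: str              # affected product, normalised to inventory naming
    cvss: float
    exploited_in_wild: bool = False


@dataclass
class Component:
    product: str
    kind: str                 # "third-party" or "bespoke" (both must be covered)
    in_cde: bool              # stores, processes or transmits cardholder data
    internet_facing: bool


def base_severity(score: float) -> str:
    """Map a CVSS base score to its qualitative band."""
    for floor, label in CVSS_BANDS:
        if score >= floor:
            return label
    return "none"


def bump(label: str, steps: int = 1) -> str:
    """Raise a rank by `steps` bands, capped at critical."""
    idx = min(RANK_ORDER.index(label) + steps, len(RANK_ORDER) - 1)
    return RANK_ORDER[idx]


def risk_rank(adv: Advisory, comp: Component) -> tuple[str, list[str]]:
    """Combine the industry severity with the entity's own impact factors.

    The two adjustments below are an assumed policy, not a standard: a
    flaw in a CDE component is treated one band worse than its CVSS band,
    and one that is both reachable from the internet and already exploited
    is raised again.
    """
    rank = base_severity(adv.cvss)
    reasons = [f"CVSS {adv.cvss} -> {rank}"]
    if comp.in_cde:
        rank = bump(rank)
        reasons.append("component in CDE")
    if comp.internet_facing and adv.exploited_in_wild:
        rank = bump(rank)
        reasons.append("internet-facing and exploited in the wild")
    return rank, reasons


def triage(advisories, inventory):
    """Return ranked findings for advisories that touch inventoried software."""
    by_product = {c.product: c for c in inventory}
    findings = []
    for adv in advisories:
        comp = by_product.get(adv.product)
        if comp is None:
            continue  # not deployed here; nothing to rank
        rank, reasons = risk_rank(adv, comp)
        findings.append({"id": adv.vuln_id, "source": adv.source,
                         "product": adv.product, "kind": comp.kind,
                         "rank": rank, "reasons": reasons})
    findings.sort(key=lambda f: RANK_ORDER.index(f["rank"]), reverse=True)
    return findings


def must_address(findings):
    """6.3.1 minimum: every vulnerability ranked high or critical."""
    return [f for f in findings if f["rank"] in ("high", "critical")]


# Constructed sample data (not real advisories or products).
INVENTORY = [
    Component("example-db", "third-party", in_cde=True, internet_facing=False),
    Component("example-os", "third-party", in_cde=True, internet_facing=True),
    Component("payment-portal", "bespoke", in_cde=True, internet_facing=True),
    Component("hr-wiki", "third-party", in_cde=False, internet_facing=False),
]
ADVISORIES = [
    Advisory("ADV-0001", "national CERT", "example-os", 7.5, exploited_in_wild=True),
    Advisory("ADV-0002", "vendor bulletin", "example-db", 5.3),
    Advisory("ADV-0003", "internal AppSec", "payment-portal", 8.1),
    Advisory("ADV-0004", "national CERT", "hr-wiki", 3.1),
    Advisory("ADV-0005", "national CERT", "not-deployed-product", 10.0),
]

if __name__ == "__main__":
    for f in triage(ADVISORIES, INVENTORY):
        print(f"{f['rank']:<8} {f['id']} {f['product']} ({f['kind']}): "
              + "; ".join(f["reasons"]))
```

Two points from the sample run matter for an assessment. ADV-0002 arrives as a CVSS "medium" but is ranked high because the database holds cardholder data, so the entity's ranking, not the feed's, is what decides it must be addressed; and ADV-0005 is dropped because the product is not in the inventory, which is only defensible if the inventory itself is complete and covers bespoke software as well as third-party components.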
Cross-Framework Mappings
NIST CSF 2.0
via NIST OLIR Catalog