
VM-03 Vulnerability Scans: Audit Log Review

Control Description

When vulnerabilities are identified, Organization analyzes audit logs to determine whether they have been previously exploited. Identified exploitations are resolved through incident management.

Theme

Process

Type

Detective

Policy/Standard

Vulnerability Management Policy

Implementation Guidance

1. Ensure that a process is defined and documented to verify the exploitability of a vulnerability via audit logs.
2. Ensure all identified exploitations are resolved through the incident management process.

Testing Procedure

1. Inspect and validate that a process is defined and documented to verify the exploitability of a vulnerability via audit logs.
2. Validate for a sample exploitation that it was resolved through the incident management process.

Audit Artifacts

E-VM-01
E-VM-05

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
