
VM-04 Vulnerability Scans: Trend Analysis

Control Description

Organization reviews vulnerability trends over time to include in risk assessments; high and moderate risk vulnerabilities are remediated in 30 and 90 days, respectively.

Theme: Process

Type: Corrective

Policy/Standard: Vulnerability Management Policy

Implementation Guidance

1. Ensure that a process has been defined and documented for reviewing vulnerability trends.
2. Ensure that appropriate SLAs are defined to remediate high and moderate vulnerabilities in 30 and 90 days.
3. Ensure the results of these reviews are included in risk assessments.

Testing Procedure

1. Inspect and validate that a process has been defined and documented for reviewing vulnerability trends.
2. Validate that appropriate SLAs are defined to remediate high and moderate risk vulnerabilities in 30 and 90 days.
3. For a sample of vulnerabilities, validate whether medium and high risk vulnerabilities were remediated within the SLA.

Audit Artifacts

E-VM-01
E-VM-06

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
