RA-5(8)—Vulnerability Monitoring and Scanning | Review Historic Audit Logs
IL4 High
IL5
IL6
Control Description
Review historic audit logs to determine if a vulnerability identified in an organization-defined system has been previously exploited within an organization-defined time period.
DoD Impact Level Requirements
Additional Requirements and Guidance
RA-5 (8) Requirement: This enhancement is required for all high (or critical) vulnerability scan findings.
Discussion
Reviewing historic audit logs to determine if a recently detected vulnerability in a system has been previously exploited by an adversary can provide important information for forensic analyses. Such analyses can help identify, for example, the extent of a previous intrusion, the trade craft employed during the attack, organizational information exfiltrated or modified, mission or business capabilities affected, and the duration of the attack.
Related Controls
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your organization's documented risk assessment policy and how does it address the requirements of RA-5(8)?
- Who has been designated as responsible for conducting and maintaining risk assessments?
- How frequently are risk assessments conducted and what triggers an update to the risk assessment?
Technical Implementation:
- What methodology or framework do you use to conduct risk assessments?
- How do you identify and categorize threats and vulnerabilities during the risk assessment process?
- What tools or systems support your risk assessment activities?
- What vulnerability scanning tools are used and how often are scans performed?
Evidence & Documentation:
- Can you provide the most recent risk assessment report?
- What evidence demonstrates that risk assessment findings are communicated to appropriate stakeholders?
- Where are risk assessment results documented and how long are they retained?
- Can you provide recent vulnerability scan reports and evidence of remediation?