11.3.1 Internal vulnerability scans are performed as follows: At least once every three months.

Requirement Description

Internal vulnerability scans are performed as follows:

- At least once every three months.
- Vulnerabilities that are either high-risk or critical (according to the entity’s vulnerability risk rankings defined at Requirement 6.3.1) are resolved.
- Rescans are performed that confirm all high-risk and all critical vulnerabilities (as noted above) have been resolved.
- Scan tool is kept up to date with latest vulnerability information.
- Scans are performed by qualified personnel and organizational independence of the tester exists.

Applicability Notes

It is not required to use a QSA or ASV to conduct internal vulnerability scans. Internal vulnerability scans can be performed by qualified, internal staff that are reasonably independent of the system component(s) being scanned (for example, a network administrator should not be responsible for scanning the network), or an entity may choose to have internal vulnerability scans performed by a firm specializing in vulnerability scanning.
