Eleos | Home

Vulnerability & Patch Management

External Vulnerability Assessment Scans

Level N/A

Mechanisms exist to perform quarterly external vulnerability scans (outside the organization's network looking inward) via a reputable vulnerability service provider, which include rescans until passing results are obtained or all “high” vulnerabilities are resolved, as defined by the Common Vulnerability Scoring System (CVSS).

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-06.6

Related

Compliance Framework

CIS v8.0

Control Number

7.5

Solutions
Community

Vulnerability & Patch Management

Internal Vulnerability Assessment Scans

Level N/A

Mechanisms exist to perform quarterly internal vulnerability scans, which includes all segments of the organization's internal network, as well as rescans until passing results are obtained or all “high” vulnerabilities are resolved, as defined by the Common Vulnerability Scoring System (CVSS).

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-06.7

Related

Compliance Framework

CIS v8.0

Control Number

7.6

Solutions
Community

Vulnerability & Patch Management

Acceptable Discoverable Information

Level N/A

Mechanisms exist to define what information is allowed to be discoverable by adversaries and take corrective actions to remediated non-compliant systems.

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-06.8

Related

Compliance Framework

NIST 800-53 Rev 5

Control Number

RA-5(4)

Solutions
Community

Vulnerability & Patch Management

Correlate Scanning Information

Level N/A

Automated mechanisms exist to correlate the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors.

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-06.9

Related

Compliance Framework

NIST 800-53 Rev 5

Control Number

RA-5(10)

Solutions
Community

Vulnerability & Patch Management

Penetration Testing

Level N/A

Mechanisms exist to conduct penetration testing on systems and web applications.

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-07

Related

Compliance Framework

CIS v8.0

CCM v4.0.10

NIST 800-53 Rev 5

CERT RMM v1.2

CMMC v2.11

Control Number

18.1

18.2

18.4

18.5

TVM-06

CA-8

SA-11(5)

VAR:SG2.SP1

VAR:SG2.SP2

CA.L3-3.12.1e

Solutions
Community

Vulnerability & Patch Management

Independent Penetration Agent or Team

Level N/A

Mechanisms exist to utilize an independent assessor or penetration team to perform penetration testing.

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-07.1

Related

Compliance Framework

NIST 800-53 Rev 5

Control Number

CA-8(1)

Solutions
Community

Vulnerability & Patch Management

Technical Surveillance Countermeasures Security

Level N/A

Mechanisms exist to utilize a technical surveillance countermeasures survey.

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-08

Related

Compliance Framework

NIST 800-53 Rev 5

CERT RMM v1.2

Control Number

RA-6

IMC:SG2.SP1

VAR:SG2.SP1

Solutions
Community

Vulnerability & Patch Management

Reviewing Vulnerability Scanner Usage

Level N/A

Mechanisms exist to monitor logs associated with scanning activities and associated administrator accounts to ensure that those activities are limited to the timeframes of legitimate scans.

Solutions
Community

Vulnerability & Patch Management

Red Team Exercises

Level N/A

Mechanisms exist to utilize "red team" exercises to simulate attempts by adversaries to compromise systems and applications in accordance with organization-defined rules of engagement.

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-10

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Control Number

CA-8(2)

DE.DP-3

Solutions
Community

Web Security

Level N/A

Mechanisms exist to facilitate the implementation of an enterprise-wide web management policy, as well as associated standards, controls and procedures.

Parent

Compliance Framework

Secure Controls Framework 2023.4

Control Number

WEB-01

Related

Compliance Framework

CMMC v2.11

Control Number

AC.L1-b.1.iv

Solutions
Community

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Vulnerability & Patch Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Web Security

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Organization Passcode

Only share this code with people you trust. Users will become a member of your organization and view your SSP and reports.