Vulnerability & Patch Management

Mechanisms exist to perform quarterly external vulnerability scans (outside the organization's network looking inward) via a reputable vulnerability service provider, which include rescans until passing results are obtained or all “high” vulnerabilities are resolved, as defined by the Common Vulnerability Scoring System (CVSS).



Vulnerability & Patch Management

Mechanisms exist to perform quarterly internal vulnerability scans, which include all segments of the organization's internal network, as well as rescans until passing results are obtained or all “high” vulnerabilities are resolved, as defined by the Common Vulnerability Scoring System (CVSS).



Vulnerability & Patch Management

Mechanisms exist to define what information is allowed to be discoverable by adversaries and take corrective actions to remediate non-compliant systems.



Vulnerability & Patch Management

Automated mechanisms exist to correlate the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors.



Vulnerability & Patch Management

Mechanisms exist to conduct penetration testing on systems and web applications.



Vulnerability & Patch Management

Mechanisms exist to utilize an independent assessor or penetration team to perform penetration testing.



Vulnerability & Patch Management

Mechanisms exist to utilize a technical surveillance countermeasures survey.



Vulnerability & Patch Management

Mechanisms exist to monitor logs associated with scanning activities and associated administrator accounts to ensure that those activities are limited to the timeframes of legitimate scans.



Vulnerability & Patch Management

Level N/A

Mechanisms exist to utilize "red team" exercises to simulate attempts by adversaries to compromise systems and applications in accordance with organization-defined rules of engagement.



Web Security

Level N/A

Mechanisms exist to facilitate the implementation of an enterprise-wide web management policy, as well as associated standards, controls and procedures.

