Eleos | Home

Continuous Vulnerability Management

Establish and Maintain a Remediation Process

Level 1

Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.

Parent

Compliance Framework

CIS v8.0

Control Number

7.2

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

A&A-03

TVM-03

TVM-08

TVM-10

VPM-02

Solutions
Community

Continuous Vulnerability Management

Perform Automated Operating System Patch Management

Level 1

Perform operating system updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.

Parent

Compliance Framework

CIS v8.0

Control Number

7.3

Related

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-05

Solutions
Community

Continuous Vulnerability Management

Perform Automated Application Patch Management

Level 1

Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.

Parent

Compliance Framework

CIS v8.0

Control Number

7.4

Related

Compliance Framework

Secure Controls Framework 2023.4

Control Number

VPM-05

VPM-05.1

VPM-05.2

VPM-05.4

Solutions
Community

Continuous Vulnerability Management

Perform Automated Vulnerability Scans of Internal Enterprise Assets

Level 2

Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.

Parent

Compliance Framework

CIS v8.0

Control Number

7.5

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

TVM-07

VPM-06

VPM-06.6

Solutions
Community

Continuous Vulnerability Management

Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets

Level 2

Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.

Parent

Compliance Framework

CIS v8.0

Control Number

7.6

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

TVM-07

VPM-06

VPM-06.7

Solutions
Community

Continuous Vulnerability Management

Remediate Detected Vulnerabilities

Level 2

Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.

Parent

Compliance Framework

CIS v8.0

Control Number

7.7

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

TVM-03

VPM-02

VPM-04

Solutions
Community

Audit Log Management

Establish and Maintain an Audit Log Management Process

Level 1

Establish and maintain an audit log management process that defines the enterprise’s logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.

Parent

Compliance Framework

CIS v8.0

Control Number

8.1

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

A&A-01

GRC-03

LOG-01

LOG-02

LOG-07

MON-01.8

MON-02

Solutions
Community

Audit Log Management

Conduct Audit Log Reviews

Level 2

Conduct reviews of audit logs to detect anomalies or abnormal events that could indicate a potential threat. Conduct reviews on a weekly, or more frequent, basis.

Parent

Compliance Framework

CIS v8.0

Control Number

8.11

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

CMMC v2.11

CCM v4.0.10

ISO 27002:2022

NIST CSF v1.1

NIST 800-171 Rev 2

NIST 800-53 Rev 5

Control Number

LOG-05

MON-02.2

AU.L2-3.3.5

LOG-13

5.25

DE.AE-2

PR.PT-1

RS.AN-1

3.3.3

3.3.5

AU-6(1)

AU-7(1)

Solutions
Community

Audit Log Management

Collect Service Provider Logs

Level 3

Collect service provider logs, where supported. Example implementations include collecting authentication and authorization events, data creation and disposal events, and user management events.

Parent

Compliance Framework

CIS v8.0

Control Number

8.12

Related

Compliance Framework

Secure Controls Framework 2023.4

Control Number

MON-02

MON-02.1

MON-02.3

Solutions
Community

Audit Log Management

Collect Audit Logs

Level 1

Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets.

Parent

Compliance Framework

CIS v8.0

Control Number

8.2

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

LOG-08

MON-01

MON-02

MON-02.7

MON-03

Solutions
Community

Continuous Vulnerability Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Continuous Vulnerability Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Continuous Vulnerability Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Continuous Vulnerability Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Continuous Vulnerability Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Continuous Vulnerability Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Audit Log Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Audit Log Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Audit Log Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Audit Log Management

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Organization Passcode

Only share this code with people you trust. Users will become a member of your organization and view your SSP and reports.