CCI-001058
CCI-001058 Definition
The organization analyzes vulnerability scan reports and results from security control assessments.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed analyzes vulnerability scan reports and security control assessment results with the intent of identifying legitimate vulnerabilities and the relationship between vulnerabilities and security controls.
Validation Procedures
The organization conducting the inspection/assessment will interview organizational personnel with security control assessment and vulnerability scanning responsibilities. The purpose of the reviews and interviews is to validate that the organization is conducting an analysis of the vulnerability scan reports and results from the security control assessments.
Compelling Evidence
1. Sample of conducted vulnerability scans.