CCI-001064

Implementation Guidance

Determine if the system vulnerabilities to be scanned are updated [RA-05(02)_ODP[01]; one or more of the following PARAMETER VALUES is/are selected: {[RA-05(02)_ODP[02]; the frequency for updating the system vulnerabilities to be scanned is defined (if selected)]; prior to a new scan; when new vulnerabilities are identified and reported}].

Validation Procedures

Examine: [SELECT FROM: Procedures addressing vulnerability scanning; assessment report; vulnerability scanning tools and associated configuration documentation; vulnerability scanning results; patch and vulnerability management records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with vulnerability scanning responsibilities; organizational personnel with vulnerability scan analysis responsibilities; organizational personnel with security responsibilities; system/network administrators]. Test: [SELECT FROM: Organizational processes for vulnerability scanning; mechanisms/tools supporting and/or implementing vulnerability scanning].