CCI-001068

Compare the results of multiple vulnerability scans using organization-defined automated mechanisms.

Implementation Guidance

Determine if the results of multiple vulnerability scans are compared using [RA-05(06)_ODP; automated mechanisms to compare the results of multiple vulnerability scans are defined].

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; procedures addressing vulnerability scanning; system design documentation; vulnerability scanning tools and techniques documentation; vulnerability scanning results; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with vulnerability scanning responsibilities; organizational personnel with vulnerability scan analysis responsibilities; organizational personnel with security responsibilities]. Test: [SELECT FROM: Organizational processes for vulnerability scanning; automated mechanisms/tools supporting and/or implementing vulnerability scanning; automated mechanisms supporting and/or implementing trend analysis of vulnerability scan results].

The controls below (if any) were marked by NIST as being related to CCI-001068.