CCI-001071
CCI-001071 Definition
Review historic audit logs to determine if a vulnerability identified in the organization-defined system has been previously exploited within an organization-defined time period.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed reviews audit logs and determines if the identified vulnerability has been previously exploited within the information system. Any findings must be documented and acted upon IAW IR-1.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the audit trail to determine if the organization has documented any previously identified exploited vulnerabilities.
Compelling Evidence
1.) Audit logs.