CCI-001225
CCI-001225 Definition
Identify system flaws.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to identify information system flaws. The process shall include review of the system through automated scans and manual checks to determine the existence of flaws such as IAVM, CVE, or other resources.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed identifies information system flaws.
Compelling Evidence
1.) Signed and dated System security plan (SSP) with a reference to the section that pertains to how information system flaws are to be identified (scans, manual checks, integrity monitor, etc.…)