An error occurred:

© 2025 Xylok, LLC

Version: features-advanced-collector-898c2c - rmfrev4

Navigate

CCI-001641

CCI-001641 Definition

Defines the process for conducting random vulnerability scans on the system and hosted applications.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001641.

Control

Description

The organization:

a: Scans for vulnerabilities in the information system and hosted applications [one of ] and when new vulnerabilities potentially affecting the system/applications are identified and reported;

b: Employs vulnerability scanning tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for:
- 1: Enumerating platforms, software flaws, and improper configurations;
- 2: Formatting checklists and test procedures; and
- 3: Measuring vulnerability impact;

c: Analyzes vulnerability scan reports and results from security control assessments;

d: Remediates legitimate vulnerabilities [one of ] in accordance with an organizational assessment of risk; and

e: Shares information obtained from the vulnerability scanning process and security control assessments with [one of ] to help eliminate similar vulnerabilities in other information systems (i.e., systemic weaknesses or deficiencies).