An error occurred:

CCI-002372

CCI-002372 Definition

Correlate the output from vulnerability scanning tools to determine the presence of multi-vulnerability and multi-hop attack vectors.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the output from vulnerability scanning tools is correlated to determine the presence of multi-vulnerability and multi-hop attack vectors.

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; procedures addressing vulnerability scanning; risk assessment; vulnerability scanning tools and techniques documentation; vulnerability scanning results; vulnerability management records; audit records; event/vulnerability correlation logs; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with vulnerability scanning responsibilities; organizational personnel with vulnerability scan analysis responsibilities; organizational personnel with security responsibilities]. Test: [SELECT FROM: Organizational processes for vulnerability scanning; mechanisms/tools supporting and/or implementing vulnerability scanning; mechanisms implementing the correlation of vulnerability scan results].