Navigate

CCI-002373

CCI-002373 Definition

Define the breadth and depth of vulnerability scanning coverage (i.e., information system components scanned and vulnerabilities checked).

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed employs the DoD Enterprise scanning tool.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the software list or vulnerability scanning procedures to ensure the organization being inspected/assessed employs the DoD Enterprise scanning tool.

Compelling Evidence

1.) System security plan (SSP). 2.) Reference to system security plan (SSP) section pertaining to vulnerability scanning procedure to define the scope and coverage.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002373.

Control	Description
RA-5(3)	The organization employs vulnerability scanning procedures that can identify the breadth and depth of coverage (i.e., information system components scanned and vulnerabilities checked).