An error occurred:

CCI-002373

CCI-002373 Definition

Define the breadth and depth of vulnerability scanning coverage (i.e., information system components scanned and vulnerabilities checked).
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the breadth and depth of vulnerability scanning coverage are defined.

Validation Procedures

Examine: [SELECT FROM: Procedures addressing vulnerability scanning; assessment report; vulnerability scanning tools and associated configuration documentation; vulnerability scanning results; patch and vulnerability management records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with vulnerability scanning responsibilities; organizational personnel with vulnerability scan analysis responsibilities; organizational personnel with security responsibilities]. Test: [SELECT FROM: Organizational processes for vulnerability scanning; mechanisms/tools supporting and/or implementing vulnerability scanning].