CCI-004638

Defines the system in which will be identified for determining if a vulnerability has been exploited.

Implementation Guidance

Determine if historic audit logs are reviewed to determine if a vulnerability identified in a [RA-05(08)_ODP[01]; a system whose historic audit logs are to be reviewed is defined] has been previously exploited within [RA-05(08)_ODP[02]; a time period for a potential previous exploit of a system is defined].

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; procedures addressing vulnerability scanning; audit logs; records of audit log reviews; vulnerability scanning results; patch and vulnerability management records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with vulnerability scanning responsibilities; organizational personnel with vulnerability scan analysis responsibilities; organizational personnel with audit record review responsibilities; system/network administrators; organizational personnel with security responsibilities]. Test: [SELECT FROM: Organizational processes for vulnerability scanning; organizational process for audit record review and response; mechanisms/tools supporting and/or implementing vulnerability scanning; mechanisms supporting and/or implementing audit record review].

The controls below (if any) were marked by NIST as being related to CCI-004638.