Implement privileged access authorization to [system components to which privileged access is authorized for selected vulnerability scanning activities are defined;] for [vulnerability scanning activities selected for privileged access authorization to system components are defined;].
Supplemental
In certain situations, the nature of the vulnerability scanning may be more intrusive, or the system component that is the subject of the scanning may contain classified or controlled unclassified information, such as personally identifiable information. Privileged access authorization to selected system components facilitates more thorough vulnerability scanning and protects the sensitive nature of such scanning.