03.11.02 Vulnerability Monitoring...

This policy outlines the organization's procedures for continuous monitoring and scanning of systems for vulnerabilities to proactively identify and mitigate potential threats to the confidentiality, integrity, and availability of Controlled Unclassified Information (CUI). Ensure timely vulnerability identification, remediation, and scanning updates to safeguard CUI.

• A.03.11.02.ODP[01]: the frequency at which the system is monitored for vulnerabilities is defined.
• A.03.11.02.ODP[02]: the frequency at which the system is scanned for vulnerabilities is defined.
• A.03.11.02.ODP[03]: response times to remediate system vulnerabilities are defined.
• A.03.11.02.ODP[04]: the frequency at which to update system vulnerabilities to be scanned is defined.
• A.03.11.02.a[01]: the system is monitored for vulnerabilities <A.03.11.02.ODP[01]: frequency>.
• A.03.11.02.a[02]: the system is scanned for vulnerabilities <A.03.11.02.ODP[02]: frequency>.
• A.03.11.02.a[03]: the system is monitored for vulnerabilities when new vulnerabilities that affect the system are identified.
• A.03.11.02.a[04]: the system is scanned for vulnerabilities when new vulnerabilities that affect the system are identified.
• A.03.11.02.b: system vulnerabilities are remediated within <A.03.11.02.ODP[03]: response times>.
• A.03.11.02.c[01]: system vulnerabilities to be scanned are updated <A.03.11.02.ODP[04]: frequency>.
• A.03.11.02.c[02]: system vulnerabilities to be scanned are updated when new vulnerabilities are identified and reported.