Does your organization have a formal process to rapidly acquire, analyze, and respond to vulnerability disclosures affecting your technologies from suppliers, vendors, and third-party security advisories?
Explanation
Reacting to vulnerability disclosures is the focus here: assessors want a formal process to rapidly acquire, analyze, and respond to advisories affecting your technologies from suppliers and third parties. An effective vulnerability disclosure monitoring process helps identify security weaknesses promptly, allowing for timely remediation before they can be exploited by threat actors.
Evidence could include documentation of your vulnerability management process, screenshots of vulnerability tracking systems, subscription confirmations to vendor security advisories, or reports showing the timeline from vulnerability disclosure to analysis and remediation planning. A sample vulnerability bulletin or advisory distributed internally would also serve as good evidence.
Implementation Example
Rapidly acquire and analyze vulnerability disclosures for the organization's technologies from suppliers, vendors, and third-party security advisories
ID: DE.AE-07.305
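One way to carry out the acquire-and-analyze step above, as an added Python example that is not part of this assessment page: it matches a constructed advisory feed against a constructed inventory of the organization's technologies, drops advisories for products not in use or already carrying the fix, and records the remediation-planning deadline and disclosure-to-analysis lag for each finding. The feed shape, field names and SLA days are assumptions.

```python
# Added illustration (not from the assessment page): match constructed vendor
# advisories to a constructed technology inventory and plan remediation.
from datetime import date, timedelta

# Constructed inventory: (vendor, product) -> installed version (assumed shape).
INVENTORY = {("acme", "webgateway"): "3.2.1", ("acme", "agent"): "1.9.0",
             ("otherco", "db"): "12.4"}

# Constructed advisories in a simplified feed shape; "affected_before" is the
# first fixed version (an assumption, not any real vendor's format).
ADVISORIES = [
    {"id": "ACME-SA-0001", "vendor": "acme", "product": "webgateway",
     "affected_before": "3.2.2", "severity": "critical", "published": "2024-05-01"},
    {"id": "ACME-SA-0002", "vendor": "acme", "product": "agent",
     "affected_before": "1.8.0", "severity": "high", "published": "2024-05-03"},
    {"id": "OC-2024-7", "vendor": "otherco", "product": "db",
     "affected_before": "12.5", "severity": "medium", "published": "2024-04-20"},
    {"id": "X-1", "vendor": "nobody", "product": "thing",
     "affected_before": "9", "severity": "low", "published": "2024-04-01"},
]

# Assumed remediation-planning deadline (days after disclosure) per severity.
SLA_DAYS = {"critical": 2, "high": 7, "medium": 30, "low": 90}

def parse_version(v):
    """Turn '3.2.1' into (3, 2, 1) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def triage(advisories, inventory, today):
    """Return findings for advisories that affect an installed technology,
    ordered by urgency, with the planning deadline and disclosure lag.
    `today` is an ISO date string."""
    today = date.fromisoformat(today)
    findings = []
    for adv in advisories:
        key = (adv["vendor"], adv["product"])
        installed = inventory.get(key)
        if installed is None:
            continue  # acquired, but not one of our technologies
        if parse_version(installed) >= parse_version(adv["affected_before"]):
            continue  # installed build already carries the fix
        published = date.fromisoformat(adv["published"])
        deadline = published + timedelta(days=SLA_DAYS[adv["severity"]])
        findings.append({
            "advisory": adv["id"], "asset": f"{key[0]}/{key[1]} {installed}",
            "severity": adv["severity"], "deadline": deadline.isoformat(),
            "overdue": today > deadline,
            "days_since_disclosure": (today - published).days,
        })
    return sorted(findings, key=lambda f: SLA_DAYS[f["severity"]])
```

The findings list is what would feed the internal bulletin or tracking system the assessor asks for as evidence; the `overdue` flag and `days_since_disclosure` field give the disclosure-to-analysis timeline directly.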
Context
- Function: DE: DETECT
- Category: DE.AE: Adverse Event Analysis
- Sub-Category: Cyber threat intelligence and other contextual information are integrated into the analysis
Related questions
- Has your organization established and maintained a baseline of network operations and expected data flows for users and systems?
- Does your organization use SIEM or similar tools to continuously monitor log events for malicious and suspicious activity?
- Does your organization integrate current cyber threat intelligence feeds into your log analysis and monitoring tools?
- Does your organization conduct regular manual reviews of log events for systems that cannot be adequately monitored through automated means?
- Does your organization utilize log analysis tools to generate actionable reports from log data?
- Does your organization centralize log data by continuously transferring logs from multiple sources to a consolidated set of log servers?