DE.CM-08

Does your organization perform regular vulnerability scanning across all systems and applications?

Explanation

Regular vulnerability scanning identifies security weaknesses in systems, applications, and network infrastructure before attackers can exploit them. Scans should run on a defined schedule (e.g., weekly or monthly) and after significant changes to the environment, with results documented and prioritized for remediation by severity. Evidence could include recent vulnerability scan reports showing scan dates, which systems were covered, identified vulnerabilities with severity ratings, and remediation status tracking. Additional supporting documentation might include your vulnerability scanning policy, which defines scan frequency, scope, and remediation timeframes.
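The following script is an added example, not part of the original page or ResponseHub's product, showing how the two checks an assessor looks for in this evidence (scan coverage against the asset inventory, and remediation against a severity-based SLA) can be computed from a scanner export. The scan interval, SLA values, host names, dates and findings are all constructed sample data standing in for your own policy and scanner output.

```python
"""Check a vulnerability-scan programme against its own policy.

Added example (not part of the original page): given an asset inventory,
the last completed scan date per asset and the open findings, report
(1) assets that fall outside the scan schedule and (2) findings that
have been open longer than the remediation SLA for their severity.
All names, dates and SLA values below are constructed sample data.
"""
from datetime import date

# Policy values assumed for this example: scan every 7 days, and fix
# findings within this many days of first being seen, by severity.
SCAN_INTERVAL_DAYS = 7
REMEDIATION_SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed 'report date' used when the script is run stand-alone.
AS_OF = date(2024, 5, 6)

# Constructed inventory: every in-scope host the policy says must be scanned.
INVENTORY = ["web-01", "web-02", "db-01", "vpn-01", "ci-01"]

# Constructed record of the last completed scan per host.
# ci-01 has no entry at all: it was added after the last scan cycle.
LAST_SCAN = {
    "web-01": date(2024, 5, 1),
    "web-02": date(2024, 5, 1),
    "db-01": date(2024, 4, 10),
    "vpn-01": date(2024, 5, 1),
}

# Constructed open findings, shaped like a flattened scanner export.
FINDINGS = [
    {"id": "F-1", "asset": "web-01", "severity": "critical", "first_seen": date(2024, 4, 20), "status": "open"},
    {"id": "F-2", "asset": "web-02", "severity": "high", "first_seen": date(2024, 4, 25), "status": "open"},
    {"id": "F-3", "asset": "db-01", "severity": "medium", "first_seen": date(2024, 1, 15), "status": "open"},
    {"id": "F-4", "asset": "vpn-01", "severity": "low", "first_seen": date(2024, 4, 1), "status": "fixed"},
    {"id": "F-5", "asset": "web-01", "severity": "high", "first_seen": date(2024, 4, 29), "status": "open"},
]


def coverage_gaps(inventory, last_scan, as_of, interval_days=SCAN_INTERVAL_DAYS):
    """Return inventory assets never scanned or not scanned within the interval.

    Each entry is (asset, days_since_scan); days_since_scan is None for
    assets that have never been scanned, which is the most common gap.
    """
    gaps = []
    for asset in inventory:
        scanned = last_scan.get(asset)
        if scanned is None:
            gaps.append((asset, None))
        elif (as_of - scanned).days > interval_days:
            gaps.append((asset, (as_of - scanned).days))
    return gaps


def overdue_findings(findings, as_of, sla_days=REMEDIATION_SLA_DAYS):
    """Return open findings whose age exceeds the SLA for their severity.

    Each entry is (finding_id, severity, days_past_sla). An unknown severity
    label is treated as critical so a mislabelled finding is never ignored.
    """
    overdue = []
    for f in findings:
        if f["status"] != "open":
            continue
        sla = sla_days.get(f["severity"], sla_days["critical"])
        age = (as_of - f["first_seen"]).days
        if age > sla:
            overdue.append((f["id"], f["severity"], age - sla))
    return overdue


def open_counts_by_severity(findings):
    """Count open findings per severity, for the summary line of a report."""
    counts = {}
    for f in findings:
        if f["status"] == "open":
            counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    print("Open findings by severity:", open_counts_by_severity(FINDINGS))
    for asset, age in coverage_gaps(INVENTORY, LAST_SCAN, AS_OF):
        detail = "never scanned" if age is None else f"last scan {age} days ago"
        print(f"COVERAGE GAP: {asset} ({detail})")
    for fid, sev, late in overdue_findings(FINDINGS, AS_OF):
        print(f"OVERDUE: {fid} [{sev}] {late} day(s) past SLA")
```

Run against the sample data, the script flags db-01 (26 days since its last scan) and ci-01 (never scanned) as coverage gaps, and F-1 and F-3 as past their remediation SLA; the fixed finding F-4 and the recent high-severity findings are not reported. Feeding it your real inventory and scanner export gives the same two lists an auditor would build by hand from the evidence described above.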

Context

Function: DE: DETECT
Category: DE.CM: Continuous Monitoring
Sub-Category: Vulnerability scans are performed

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub