Does your organization perform regular vulnerability scanning across all systems and applications?
Explanation
Regular vulnerability scanning helps identify security weaknesses in systems, applications, and network infrastructure before they can be exploited by attackers. These scans should be performed on a defined schedule (e.g., weekly, monthly) and after significant changes to the environment, with results documented and prioritized for remediation based on severity.
Evidence could include recent vulnerability scan reports showing scan dates, coverage of systems, identified vulnerabilities with severity ratings, and remediation status tracking. Additional supporting documentation might include your vulnerability scanning policy that defines scan frequency, scope, and remediation timeframes.
Context
- Function: DE: DETECT
- Category: DE.CM: Continuous Monitoring
- Sub-Category: Vulnerability scans are performed
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?