Does your organization actively monitor cyber threat intelligence sources for vulnerabilities related to emerging technologies?
Explanation
Monitoring cyber threat intelligence sources helps organizations stay informed about new vulnerabilities that may affect emerging technologies before implementation or shortly after adoption. This proactive approach allows security teams to apply patches, implement mitigations, or adjust security controls before vulnerabilities can be widely exploited.
Evidence of compliance could include documentation of subscribed threat intelligence feeds (commercial or open-source), meeting minutes from threat intelligence reviews, reports showing emerging technology vulnerability assessments, or screenshots of threat intelligence platforms with annotations showing how emerging technology vulnerabilities are tracked and assessed.
Implementation Example
Monitor sources of cyber threat intelligence for information on the types of vulnerabilities that emerging technologies may have
ID: ID.RA-02.155
Context
- Function
- ID: IDENTIFY
- Category
- ID.RA: Risk Assessment
- Sub-Category
- Cyber threat intelligence is received from information sharing forums and sources
Related questions
- Does your organization implement vulnerability management tools to detect unpatched software and misconfigurations?
- Does your organization regularly conduct security architecture reviews to identify and remediate design and implementation weaknesses?
- Does your organization conduct security reviews, analysis, or testing of internally developed software to identify vulnerabilities in design, code, and default configurations?
- Has your organization conducted a comprehensive physical security assessment of all facilities housing critical computing assets within the past 12 months?
- Does your organization actively monitor cyber threat intelligence sources for information about new vulnerabilities in your products and services?
- Does your organization regularly conduct vulnerability assessments of business processes and procedures to identify potential cybersecurity weaknesses?

