Establish, monitor and report metrics for vulnerability identification and remediation at defined intervals.
The integrated TVM system should be used to collect and report metrics about the vulnerability management program. Metrics should demonstrate the coverage, efficacy, and efficiency of operational TVM activities.
- Verify that metrics have been established to measure vulnerabilities.
- Examine the process for reporting metrics, including identification of recipients.
- Determine if reports are sent at the defined intervals.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.