3.1: Run Automated Vulnerability Scanning Tools
The next version of the control set incorporates all or part of this control into: 7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets, 7.6: Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets.
Control Statement
Utilize an up-to-date Security Content Automation Protocol (SCAP) compliant vulnerability scanning tool to automatically scan all systems on the network on a weekly or more frequent basis to identify all potential vulnerabilities on the organization’s systems.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]