7.1: Establish and Maintain a Vulnerability Management Process

CSF v1.1 References:

ID.RA-1

Group:

Control is new to this version of the control set.

Control Statement

Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-171 Revision 2

NIST Special Publication 800-53 Revision 4