7.2: Establish and Maintain a Remediation Process

CSF v1.1 References:

CSF v2.0 References:


Info icon.

Control is new to this version of the control set and incorporates the following items from the previous version: 3.6: Compare Back-to-Back Vulnerability Scans, 3.7: Utilize a Risk-Rating Process.

Control Statement

Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]