7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets

CSF v1.1 References:

Threats Addressed:

Group:

Control Statement

Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]