7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets
CSF v1.1 References:
Threats Addressed:
Incorporates the following controls from the previous version: 3.1: Run Automated Vulnerability Scanning Tools, 3.2: Perform Authenticated Vulnerability Scanning, 9.3: Perform Regular Automated Port Scans, 12.2: Scan for Unauthorized Connections Across Trusted Network Boundaries.
Control Statement
Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]