RA-5(1): Update Tool Capability

Control Family:

Risk Assessment

Parent Control:

RA-5: Vulnerability Scanning

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

ID.RA-1
PR.IP-12
DE.CM-8
DE.DP-4
RS.CO-3
RS.MI-3

Baselines:

Moderate
High

Control is withdrawn in the next version of this control set and incorporated into: RA-5: Vulnerability Monitoring and Scanning.

Control Statement

The organization employs vulnerability scanning tools that include the capability to readily update the information system vulnerabilities to be scanned.

Supplemental Guidance

The vulnerabilities to be scanned need to be readily updated as new vulnerabilities are discovered, announced, and scanning methods developed. This updating process helps to ensure that potential vulnerabilities in the information system are identified and addressed as quickly as possible.