RA-5(2): Update Vulnerabilities to Be Scanned

Control Family:

Risk Assessment


  • Low
  • Moderate
  • High

Previous Version:

Control Statement

Update the system vulnerabilities to be scanned [Assignment (one or more): [Assignment: organization-defined frequency] , prior to a new scan, when new vulnerabilities are identified and reported].

Supplemental Guidance

Due to the complexity of modern software, systems, and other factors, new vulnerabilities are discovered on a regular basis. It is important that newly discovered vulnerabilities are added to the list of vulnerabilities to be scanned to ensure that the organization can take steps to mitigate those vulnerabilities in a timely manner.