Conduct periodic vulnerability scans

Description

You should conduct regular vulnerability scans of production infrastructure. You should triage the results of vulnerability scans and define a period of time in which you agree to remediate the vulnerability. If you are not ready to set up a full vulnerability management program, it's useful to start by creating a patching process. For guidance in creating a patch management policy, see this TechRepublic article Establish a patch management policy

Stack layer

Security domain

Security tool initiated by this item

Infrastructure

Vulnerability

Manual input

Item file contents


Did this page help you?