Conduct periodic vulnerability scans


You should conduct regular vulnerability scans of production infrastructure. You should triage the results of vulnerability scans and define a period of time in which you agree to remediate the vulnerability. If you are not ready to set up a full vulnerability management program, it's useful to start by creating a patching process. For guidance in creating a patch management policy, see this TechRepublic article Establish a patch management policy

Stack layer

Security domain

Security tool initiated by this item



Manual input

Item file contents

Did this page help you?