VPM-06.9 ยท Correlate Scanning Information

Control Description

Automated mechanisms exist to correlate the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors.

Control Question
Assessment question for control validation

Does the organization use automated mechanisms to correlate the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors?

Control Weighting
5
Validation Cadence
Quarterly
NIST CSF Function
Detect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical