Benefits & Features
Vulnerability scanning focuses on identifying vulnerabilities that exist on a given host. Scan results can then be used to generate reports and dashboards that show risk exposure and help prioritize remediation efforts. In today's digital environment, keeping operating systems, applications, and other third-party software up to date is critical to protecting digital assets.
Along with vulnerability scanning, compliance audits against standards such as those published by the National Institute of Standards and Technology (NIST) can be performed to verify configuration settings and compliance. All of this can be completed in one tool to give a full picture of how at risk an asset may be.
Features included:
- Network scanning
- Agent-based scanning
- Remediation scanning
- Industry-leading reports & dashboards
- Compliance & configuration auditing
Pricing
There is no charge for this service, which is considered a common-good service.
Requirements
As established in ITS-13: Risk Management Standards - Section 4.3.2 Vulnerability Management - Vulnerability Remediation or Quarantine, vulnerabilities should be remediated within the criticality-based timeframes listed below.
Where a vulnerability cannot be remediated within these defined vulnerability compliance timelines, a system owner or administrator must complete a Plan of Action and Milestones (POAM) that details the plan and timeline to remediate the vulnerability, implement alternative mitigation controls, and seek risk acceptance approval. Exceptions approved in a POAM are considered temporary solutions until a long-term solution can be implemented.
Vulnerability Compliance Timeline

| Severity | Remediation Time Frame | POAM / Quarantine Determination |
| --- | --- | --- |
| Urgent (Zero-Day / As-Directed) | 7 calendar days | CISO Directed |
| Critical | 15 calendar days | > 30 days |
| High | 30 calendar days | > 60 days |
| Medium | 45 calendar days | > 90 days |
| Low | 60 calendar days | > 120 days |