Center for Internet Security (CIS)

Develop a plan to continuously assess and track vulnerabilities on all enterprise assets.

Continuous Vulnerability Management

CIS Control Group 7

CIS Controls and CIS Benchmarks provide global standards for internet security, and are a recognized global standard and best practices for securing IT systems and data against attacks. CIS maintains the “CIS Controls”, a popular set of security controls which map to many industry-standard compliance and governance frameworks. Through an independent consensus process, CIS Benchmarks provide frameworks to help organizations bolster their security.

Center for Internet Security Requirements

Control 7.2: Establish and Maintain a Remediation Process

Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.

Control 7.5: Perform Automated Vulnerability Management Scans of Internal Enterprise Assets

Perform automated vulnerability scans of internal assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant tool.

Control 7.6: Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets

Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.

Control 7.7: Remediate Detected Vulnerabilities

Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.

Control 7.1: Establish and Maintain a Vulnerability Management Process

Establish and maintain a documented vulnerability management process for enterprise assets.

How VULNERA Helps You

Identify New and Emerging Vulnerabilities

Continuously assess internal, external, and cloud targets for threats which increase the likelihood of a compromise

remediation-activities

Prioritize Remediation
Efforts

Use results to classify threat level, risk, and potential impact of a compromise to the organization

Validate Efficacy of
Security Controls

After security controls have been applied, re-testing of the environment checks that vulnerabilities have been remediated

Accelerate Security Teams

Schedule a free consultation with a vulnerability expert to discuss your use cases and to see a demo.