Center for Internet Security (CIS)

Busy workers become desensitized by large volumes of noisy alerts and when spending too much time gathering additional information to add context.

Continuous Vulnerability Management

CIS Control Group 7

CIS Controls and CIS Benchmarks provide global standards for internet security, and are a recognized global standard and best practices for securing IT systems and data against attacks. CIS maintains the “CIS Controls”, a popular set of security controls which map to many industry-standard compliance and governance frameworks. Through an independent consensus process, CIS Benchmarks provide frameworks to help organizations bolster their security.

Center for Internet Security Requirements

Control 7.1: Establish and Maintain a Vulnerability Management Process
Establish and maintain a documented vulnerability management process for enterprise assets.
Control 7.2: Establish and Maintain a Remediation Process
Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.
Control 7.5: Perform Automated Vulnerability Management Scans of Internal Enterprise Assets
Perform automated vulnerability scans of internal assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant tool.
Control 7.6: Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets
Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.
Control 7.7: Remediate Detected Vulnerabilities
Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.