RA-5: Vulnerability Monitoring and Scanning
An OSCAL Control
- frequency and/or randomly in accordance with organization-defined process
  frequency for monitoring systems and hosted applications for vulnerabilities is defined;
- frequency and/or randomly in accordance with organization-defined process
  frequency for scanning systems and hosted applications for vulnerabilities is defined;
- response times
  response times to remediate legitimate vulnerabilities in accordance with an organizational assessment of risk are defined;
- personnel or roles
  personnel or roles with whom information obtained from the vulnerability scanning process and control assessments is to be shared;