RA-5: Vulnerability Monitoring and Scanning

An OSCAL Control

- frequency and/or randomly in accordance with organization-defined process
  frequency for monitoring systems and hosted applications for vulnerabilities is defined;
- response times
  response times to remediate legitimate vulnerabilities in accordance with an organizational assessment of risk are defined;
- personnel or roles
  personnel or roles with whom information obtained from the vulnerability scanning process and control assessments is to be shared;
- organization-defined frequency and/or randomly in accordance with organization-defined process
- frequency and/or randomly in accordance with organization-defined process
  frequency for scanning systems and hosted applications for vulnerabilities is defined;