RA-05 Vulnerability Scanning

Risk Assessment

Baselines: Low, Moderate, High

Description

The organization scans for vulnerabilities in the information system [Assignment: organization-defined frequency] or when significant new vulnerabilities potentially affecting the system are identified and reported.

Supplemental Guidance

Vulnerability scanning is conducted using appropriate scanning tools and techniques. The organization trains selected personnel in the use and maintenance of vulnerability scanning tools and techniques. Vulnerability scans are scheduled and/or random in accordance with organizational policy and assessment of risk. The information obtained from the vulnerability scanning process is freely shared with appropriate personnel throughout the organization to help eliminate similar vulnerabilities in other information systems. Vulnerability analysis for custom software and applications may require additional, more specialized approaches (e.g., vulnerability scanning tools for applications, source code reviews, static analysis of source code). NIST Special Publication 800-42 provides guidance on network security testing. NIST Special Publication 800-40 (Version 2) provides guidance on patch and vulnerability management.

Changes from Rev 4

Title changed from 'Vulnerability Scanning'. Control text adds a requirement to employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned. Discussion expanded to explain vulnerability monitoring. Incorporates withdrawn control RA-05(1).

MITRE ATT&CK Techniques (107)

ATT&CK v16.1

Techniques mitigated by this control, mapped via CTID.

Initial Access: 8; Execution: 12; Persistence: 33; Privilege Escalation: 26; Defense Evasion: 38; Credential Access: 9; Discovery: 2; Lateral Movement: 10; Collection: 9; Command & Control: 1; Exfiltration: 3

Compliance Mappings

ISO 27001:2022

8.2, A.5.7, A.8.8

ISO 27002:2022

5.7, 8.8

COBIT 2019

APO12

CIS Controls v8

CIS 16.2, CIS 16.6, CIS 18, CIS 18.4, CIS 7, CIS 7.1, CIS 7.5, CIS 7.6, CIS 7.7

NIST CSF 2.0

ID.RA-01, ID.RA-08

SOC 2 TSC

CC7.1, CC9.2-POF13

PCI DSS v4.0.1

11.3, 6.3

CSA CCM v4

AIS-05, AIS-07, TVM-01, TVM-03, TVM-05, TVM-06, TVM-07, TVM-08, TVM-09, TVM-10

CSA AICM v1

AIS-05, AIS-07, AIS-10, MDS-03, MDS-08, TVM-01, TVM-03, TVM-05, TVM-06, TVM-07, TVM-08, TVM-09, TVM-10, TVM-11, TVM-12, TVM-13

FINOS CCC

CCC-C10

ISO 42001:2023

A.6.2.4

IEC 62443

2-1 4.3

NIS2 Directive

Art. 21(2)(e)

MAS TRM

13

APRA CPS 234

Para 19-20

ASD Essential Eight

E8-2, E8-2 ML1, E8-2 ML2, E8-2 ML3, E8-6, E8-6 ML1

ANSSI

Hygiene.31, Hygiene.33, SecNumCloud.13.6

FINMA Circular 2023/1

IV.B.c(54), IV.B.c(56), IV.B.c(57), IV.D(75), IV.D(76)

OSFI B-13

B-13.2.4, B-13.3.1

EU GDPR

Art.32(1)(d)

EU DORA

Art.13(1), Art.25(1), Art.9(3)

BIO2

5.7, 8.8

RBI CSF

Annex1.7, Annex1.18, ITGRCA.26

FISC Security Guidelines

FISC.O12

LGPD + BCB 4893

BCB.Art.10, BCB.Art.19, BCB.Art.6

HKMA TM-E-1

TME1.7.4

MLPS 2.0

8.1.10.3, 8.1.4.4

DNB Good Practice

DNB.16.1, DNB.19.2, DNB.22.1, DNB.4.2

EU CRA

CRA.I.2a, CRA.II.1, CRA.II.2, CRA.II.3, CRA.Info.5

SWIFT CSCF

SWIFT.2.7, SWIFT.7.3A

SAMA CSF

1.8, 1.9, 3.5

NCA ECC

1-5, 2-10, 2-11, 5-1

UAE IA

T2, T7

CBB TM

TM-11, TM-4

Qatar NIA

OSRM

CBUAE

CR-10, CR-7

CBE CSF

CRM-1, CTO-9, OVM-3

SA JS2

JS2-6.2, JS2-7.2, JS2-7.7, JS2-8.5

CBN CSF

Part2.3, Part3.3

BoG CISD

CISD-VI, CISD-X

POPIA

s19

BoM CTRM

2.14.14.3

IOSCO Cyber Resilience

DET-3, ID-3, SA-1, SA-3, TEST-1

CPMI-IOSCO PFMI

CG.DE, CG.ID, CG.SA, CG.TE, PFMI.P17

FFIEC IS

II.A, II.A.2, II.C.11, III.A, IV.A, IV.A.2

NYDFS 500

500.5, 500.9

HIPAA Security Rule

§164.308(a)(1)(ii)(A), §164.308(a)(8)

ECB CROE

CROE.2.2.1, CROE.2.4, CROE.2.6.1, CROE.2.6.2, CROE.2.7.1

EBA ICT Guidelines

3.4.6

SEBI CSCRF

DE.DP, DE.VA, ID.RA, VAPT

BOT Cyber Resilience

Ch3.2

CMMC 2.0

RA, SI

NERC CIP

CIP-010-4, CIP-014-3

10 CFR 73.54

RG5.71-B-CM, RG5.71-C-PL

TSA Pipeline SD

SD-1 Sec 3, SD-2 Sec D, SD-2 Sec G

DOE C2M2 v2.1

THREAT

API 1164

Sec 4

AWIA

Sec 2013(a)

IAEA NSS 17-T

Sec 4

FIPS 140-3

FIPS 140-3 §7.12

CBEST

CBEST.2, CBEST.6

TIBER-EU

TIBER.GTL, TIBER.RT, TIBER.TTI

Common Criteria

CC Part 3 — SAR

Solvency II

DR.266

Lloyd's Minimum Standards

CRM.2, MS10.2, MS8.11

NAIC Insurance Data Security

4-monitoring, 4A

FCA SYSC 13

SYSC 13.5.3

HITRUST CSF v11

03.a, 06.c, 09.c, 10.e

FDA Cybersecurity Guidance

524B-2, CRA-1, MON-1, MON-2, SBOM-3, ST-1, ST-2, ST-3, ST-4, TM-1

ISO 27799

12.518.4H.3

NHS DSPT

NDG-8.1, NDG-8.2, NDG-9.8, NDG-9.9

OWASP MASVS v2.1

MASVS-CODE-3

CCSS v9.0

2.01.1, 2.01.2

MiCA

Art.35(1)

Basel SCO60

SCO60.4, SCO60.13, SCO60.14, SCO60.21, SCO60.23, SCO60.51, SCO60.52, SCO60.64, SCO60.65, SCO60.74

BSSC Standards

NOS-10, TIS-02, GSP-02, GSP-08, GSP-15

SEC Custody (Digital Assets)

SEC-CD-09

ISO 17799 (legacy)

12.6.1

COBIT 4.1 (legacy)

PO9.3, DS5.5