SAMMY works best on screens 1024px wide or larger.
CIS Critical Security Controls
Browse CIS Critical...
7,5: Perform Automated Vulnerability Scans of Internal Enterprise Assets
Perform Automated Vulnerability Scans of Internal Enterprise Assets
7,5: Perform Automated Vulnerability Scans of Internal Enterprise Assets

Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.

Policy defined
Not applicable - Not applicable
None - None
Informal - Informal
Partially written - Partially written
Written - Written
Approved and communicated - Approved and communicated
Control implemented
Not applicable - Not applicable
Not implemented - Not implemented
Parts of policy implemented - Parts of policy implemented
Implemented on some systems - Implemented on some systems
Implemented on most systems - Implemented on most systems
Implemented on all systems - Implemented on all systems
Control automated
Not applicable - Not applicable
Not automated - Not automated
Parts of policy automated - Parts of policy automated
Automated on some systems - Automated on some systems
Automated on most systems - Automated on most systems
Automated on all systems - Automated on all systems
Control reported
Not applicable - Not applicable
Not reported - Not reported
Parts of policy reported - Parts of policy reported
Reported on some systems - Reported on some systems
Reported on most systems - Reported on most systems
Reported on all systems - Reported on all systems
Description

Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.