Asset vulnerabilities are identified and documented from Cybersecurity Fundamentals framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Maturity Level 1

Maturity Level 2

Maturity Level 3

ID.RA-1.1

ID.RA-1.1: Threats and vulnerabilities shall be identified.

A vulnerability refers to a weakness in the organization’s hardware, software, or procedures. It is a gap through which a bad actor can gain access to the organization’s assets. A vulnerability exposes an organization to threats.
A threat is a malicious or negative event that takes advantage of a vulnerability.
The risk is the potential for loss and damage when the threat does occur.

Description

Threats and vulnerabilities shall be identified.

ID.RA-1.2

ID.RA-1.2: A process shall be established to monitor, identify, and document vulnerabilities of the organisation's business critical systems in a continuous manner.

Where safe and feasible, the use of vulnerability scanning should be considered.
The organization should establish and maintain a testing program appropriate to its size, complexity, and maturity.

Description

A process shall be established to monitor, identify, and document vulnerabilities of the organisation's business critical systems in a continuous manner.

ID.RA-1.3

ID.RA-1.3: To ensure that organization's operations are not adversely impacted by the testing process, performance/load testing and penetration testing on the organization’s systems shall be conducted with care.

Consider validating security measures after each penetration test.

Description

To ensure that organization's operations are not adversely impacted by the testing process, performance/load testing and penetration testing on the organization’s systems shall be conducted with care.