Critical Control 4 - Continuous Vulnerability Assessment and Remediation
Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, and to remediate and minimize the window of opportunity for attackers.
ID.RA-1 Asset vulnerabilities are identified and documented
ID.RA-2 Cyber threat intelligence is received from information sharing forums and sources
ID.RA-3 Threats, both internal and external, are identified and documented
ID.RA-4 Potential business impacts and likelihoods are identified
ID.RA-5 Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
ID.RA-6 Risk responses are identified and prioritized
DE.CM-1 The network is monitored to detect potential cybersecurity events
DE.CM-2 The physical environment is monitored to detect potential cybersecurity events
DE.CM-3 Personnel activity is monitored to detect potential cybersecurity events
DE.CM-4 Malicious code is detected
DE.CM-5 Unauthorized mobile code is detected
DE.CM-6 External service provider activity is monitored to detect potential cybersecurity events
DE.CM-7 Monitoring for unauthorized personnel, connections, devices, and software is performed
DE.CM-8 Vulnerability scans are performed
RS.MI-1 Incidents are contained
RS.MI-2 Incidents are mitigated
RS.MI-3 Newly identified vulnerabilities are mitigated or documented as accepted risks