NIST 800-171 · 3.11 Risk Assessment
3.11.2 Scan for vulnerabilities
Scan for vulnerabilities in the system and applications periodically and when new vulnerabilities are identified.
Mapped across 10 provisions
Equivalent and related requirements in other frameworks and regulations.
- CIS Controls v8 (Equivalent, Curated): 7.1 Establish and maintain a vulnerability management process
  Vulnerability management
- Cyber Essentials (Equivalent, Curated): CE-5 Security update management
  Vulnerability management
- Essential Eight (Equivalent, Curated): E8-1 Patch applications
  Vulnerability management
- Essential Eight (Equivalent, Curated): E8-2 Patch operating systems
  Vulnerability management
- GLBA (Partial, Curated): §314.4(d) Regularly test or monitor safeguards
  Vulnerability management
- ISO 27001 (Equivalent, Curated): A.8.8 Management of technical vulnerabilities
  Vulnerability management
- NIST 800-53 (Equivalent, Curated): RA-5 Vulnerability monitoring and scanning
  Vulnerability management
- NIST CSF 2.0 (Equivalent, Curated): ID.RA-01 Vulnerabilities identified and recorded
  Vulnerability management
- PCI DSS (Equivalent, Curated): Req. 11 Test security of systems and networks regularly
  Vulnerability management
- SOC 2 (Equivalent, Curated): CC7.1 Vulnerability detection and monitoring
  Vulnerability management