ISO 27001 · A.8 Technological
A.8.8 Management of technical vulnerabilities
Obtain information about technical vulnerabilities, evaluate exposure and take appropriate remediation measures.
Mapped across 10 provisions
Equivalent and related requirements in other frameworks and regulations.
- CIS Controls v8 · Equivalent · Official mapping
  Source: CIS Controls v8 / ISO/IEC 27001
  7.1 Establish and maintain a vulnerability management process · Vulnerability management
- NIST 800-53 · Equivalent · Official mapping
  Source: NIST SP 800-53 Rev. 5 / ISO/IEC 27001
  RA-5 Vulnerability monitoring and scanning · Vulnerability management
- Cyber Essentials · Equivalent · Curated
  CE-5 Security update management · Vulnerability management
- Essential Eight · Equivalent · Curated
  E8-1 Patch applications · Vulnerability management
- Essential Eight · Equivalent · Curated
  E8-2 Patch operating systems · Vulnerability management
- GLBA · Partial · Curated
  §314.4(d) Regularly test or monitor safeguards · Vulnerability management
- NIST 800-171 · Equivalent · Curated
  3.11.2 Scan for vulnerabilities · Vulnerability management
- NIST CSF 2.0 · Equivalent · Curated
  ID.RA-01 Vulnerabilities identified and recorded · Vulnerability management
- PCI DSS · Equivalent · Curated
  Req. 11 Test security of systems and networks regularly · Vulnerability management
- SOC 2 · Equivalent · Curated
  CC7.1 Vulnerability detection and monitoring · Vulnerability management