CISOBot - Your AI CISO Assistant

VPM-03

Vulnerability Ranking

Weight: 8/10

Description

Mechanisms exist to identify and assign a risk ranking to newly discovered security vulnerabilities using reputable outside sources for security vulnerability information.

Control Question

Does the organization identify and assign a risk ranking to newly discovered security vulnerabilities using reputable outside sources for security vulnerability information?

Control Metadata

Domain:

Vulnerability & Patch Management

Validation Cadence:

Annual

Evidence Request List:

E-RSK-03 E-RSK-04 E-VPM-01

Have questions about this control?

Ask CISOBot for implementation guidance and best practices