VPM-09
Reviewing Vulnerability Scanner Usage
Description
Mechanisms exist to monitor logs associated with scanning activities and associated administrator accounts to ensure that those activities are limited to the timeframes of legitimate scans.
Control Question
Does the organization monitor logs associated with scanning activities and associated administrator accounts to ensure that those activities are limited to the timeframes of legitimate scans?
Control Metadata
Domain: Vulnerability & Patch Management
Validation Cadence: Annual
