History
- Priority
- should
- Nov 2018
- Removed
- Removed due to a merge of relevant content into security control 1163.
- 2017
- Agencies must analyse any vulnerabilities to determine their potential impact on the agencyand determine appropriate mitigations or other treatments.
- 2015
- Agencies must analyse any vulnerabilities to determine their potential impact on the agencyand determine appropriate mitigations or other treatments.
- 2010
- Agencies should implement a vulnerability analysis strategy by:• monitoring information about new vulnerabilities in operating systems and application software• considering the use of automated tools to perform vulnerability assessments on systems in acontrolled manner• running manual checks against system configurations to ensure only allowed services are active andthat disallowed services are prevented• using security checklists and hardening guides to secure operating systems and common applications.
- 2008
- Agencies should implement a vulnerability analysis strategy by: a. monitoring public domain information about new vulnerabilities in operating systems and application software b. considering the use of automated tools to perform vulnerability assessments on systems in a controlled manner c. running manual checks against system configurations to ensure only allowed services are active and that disallowed services are prevented d. using security checklists for operating systems and common applications.