A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices.
Topic
Scanning for missing patches or updates
Applicable to
all
History
Dec 2023
A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices.
The existing control relating to conducting vulnerability scanning to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices was relaxed from weekly scanning to fortnightly scanning.
Sep 2023
A vulnerability scanner is used at least weekly to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices.
References to ‘security vulnerabilities’ were replaced with ‘vulnerabilities’.
Sep 2023
A vulnerability scanner is used at least weekly to identify missing patches or updates for vulnerabilities in operating systems of workstations, non-internet-facing servers and non-internet-facing network devices.
The existing control relating to using a vulnerability scanner to identify missing patches or updates for vulnerabilities in ‘operating systems of workstations, servers and network devices’ was amended to ‘operating systems of workstations, non-internet-facing servers and non-internet-facing network devices’ to reduce confusion as to its applicability.