Skip to main content

💼 A.12.6.1 Management of technical vulnerabilities

  • ID: /frameworks/iso-iec-27001-2013/12/06/01

Description

Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.

Similar

  • Internal
    • ID: dec-c-9f4b35f1

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 DE.CM-8: Vulnerability scans are performed77no data
💼 NIST CSF v1.1 → 💼 ID.RA-1: Asset vulnerabilities are identified and documented1316no data
💼 NIST CSF v1.1 → 💼 ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk77no data
💼 NIST CSF v1.1 → 💼 PR.IP-12: A vulnerability management plan is developed and implemented79no data
💼 NIST CSF v1.1 → 💼 RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks77no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (7)

PolicyLogic CountFlagsCompliance
🛡️ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For App Services is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For Containers is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For Key Vault is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For Servers is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On🟢1🟢 x6no data
🛡️ Azure Subscription Microsoft Defender For Storage is not set to On🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-1a2f62791
✉️ dec-x-9f7d853f1
✉️ dec-x-52ac4ac01
✉️ dec-x-8535d1ff1
✉️ dec-x-a00b4ec91
✉️ dec-x-a04719771
✉️ dec-x-fafadacd1