💼 RA-5 Vulnerability Monitoring and Scanning

ID: /frameworks/nist-sp-800-53-r5/ra/05

Description

a. Monitor and scan for vulnerabilities in the system and hosted applications [Assignment: organization-defined frequency and/or randomly in accordance with organization-defined process] and when new vulnerabilities potentially affecting the system are identified and reported; b. Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for:

Enumerating platforms, software flaws, and improper configurations;
Formatting checklists and test procedures; and
Measuring vulnerability impact; c. Analyze vulnerability scan reports and results from vulnerability monitoring; d. Remediate legitimate vulnerabilities [Assignment: organization-defined response times] in accordance with an organizational assessment of risk; e. Share information obtained from the vulnerability monitoring process and control assessments with [Assignment: organization-defined personnel or roles] to help eliminate similar vulnerabilities in other systems; and f. Employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned.

Similar

Sections
- /frameworks/aws-fsbp-v1.0.0/ecr/01
- /frameworks/aws-fsbp-v1.0.0/macie/01
- /frameworks/aws-fsbp-v1.0.0/macie/02
Internal
- ID: dec-c-f4b6daa8

Similar Sections (Take Policies From)

Section	Internal Rules	Policies	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECR.1] ECR private repositories should have image scanning configured	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Macie.1] Amazon Macie should be enabled			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Macie.2] Macie automated sensitive data discovery should be enabled			no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 FedRAMP High Security Controls → 💼 RA-5 Vulnerability Monitoring and Scanning (L)(M)(H)	6	7	8	no data
💼 FedRAMP Low Security Controls → 💼 RA-5 Vulnerability Monitoring and Scanning (L)(M)(H)	2		8	no data
💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement			1	no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			26	no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			40	no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			41	no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded			31	no data
💼 NIST CSF v2.0 → 💼 ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established			1	no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 RA-5(1) Vulnerability Monitoring and Scanning _ Update Tool Capability					no data
💼 RA-5(2) Vulnerability Monitoring and Scanning _ Update Vulnerabilities to Be Scanned					no data
💼 RA-5(3) Vulnerability Monitoring and Scanning _ Breadth and Depth of Coverage					no data
💼 RA-5(4) Vulnerability Monitoring and Scanning _ Discoverable Information					no data
💼 RA-5(5) Vulnerability Monitoring and Scanning _ Privileged Access					no data
💼 RA-5(6) Vulnerability Monitoring and Scanning _ Automated Trend Analyses					no data
💼 RA-5(7) Vulnerability Monitoring and Scanning _ Automated Detection and Notification of Unauthorized Components					no data
💼 RA-5(8) Vulnerability Monitoring and Scanning _ Review Historic Audit Logs					no data
💼 RA-5(9) Vulnerability Monitoring and Scanning _ Penetration Testing and Analyses					no data
💼 RA-5(10) Vulnerability Monitoring and Scanning _ Correlate Scanning Information					no data
💼 RA-5(11) Vulnerability Monitoring and Scanning _ Public Disclosure Program					no data

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS ECR Repository Manual Scanning is enabled🟢	1	🟢 x6	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​