Policy
Policy Name
Vulnerability Management Policy

Overview
Vulnerability Management is the ongoing process of detecting, analyzing and remediating vulnerabilities on systems, devices, networks and applications.

Statement
  • The organization must periodically scan the network to identify vulnerabilities and non-compliant configurations.
  • Non-compliant devices must be reported to stakeholders on at least a monthly basis.
  • Business units must remediate non-compliant devices using a risk-based approach after a vulnerability is identified and reported.
  • Vulnerabilities classified as higher risk may require more timely remediation at the discretion of management and depending on the threat to the organization's information.

Justification

The following benefits will be achieved:

  • Vulnerabilities on systems and networks can be discovered and mitigated in a timely manner
  • Systems are configured consistently and securely
  • The integrity of information is ensured and the potential for unauthorized access to information is minimized

Scope
All employees, contractors, agents and third-parties

Consequences for Noncompliance
Noncompliance with this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Vulnerability Management
Network Security