Policy Name
Vulnerability Management Policy

Vulnerability Management is the ongoing process of detecting, analyzing and remediating vulnerabilities on systems, devices, networks and applications.

  • The organization must periodically scan the network to identify vulnerabilities and non-compliant configurations.
  • Non-compliant devices must be reported to stakeholders on at least a monthly basis.
  • Business units must remediate non-compliant devices using a risk-based approach after a vulnerability is identified and reported.
  • Vulnerabilities classified as higher risk may require more timely remediation at the discretion of management and depending on the threat to the organization's information.


The following benefits will be achieved:

  • Vulnerabilities on systems and networks can be discovered and mitigated in a timely manner
  • Systems are configured consistently and securely
  • Integrity of information is ensured and the potential for unauthorized access to information is minimized

All employees, contractors, agents and third parties

Consequences for Noncompliance
Noncompliance with this policy can result in disciplinary action up to and including termination of employment or contract.

Vulnerability Management
Network Security