1. SAM
  2. TOC
  3. 5300
  4. 5345

VULNERABILITY AND THREAT MANAGEMENT - 5345

(Revised: 01/2021)

Introduction: Threats and vulnerabilities provide the primary inputs to the state entity’s risk assessment process.

Policy: Each state entity shall continuously identify and remediate vulnerabilities before they can be exploited. Vulnerability and threat management include, but not limited to, the following:

  1. Strategic placement of scanning tools to continuously assess all information technology assets;
  2. Implementation of appropriate scan schedules, based on asset criticality;
  3. Communication of vulnerability information to system owners or other individuals responsible for remediation;
  4. Dissemination of timely threat advisories to system owners or other individuals responsible for remediation;
  5. Consultation with system owners on mitigation strategies; and
  6. Implementation of mitigation measures in accordance with the Vulnerability Management Standard (SIMM 5345-A).
Implementation Controls: NIST SP 800-53: Risk Assessment (RA); System and Services Acquisition (SA); System and Communication Protection (SC); Supply Chain Risk Management (SR); Vulnerability Management Standard (SIMM 5345-A)

Revisions

Search Entire Manual

Print Entire SAM Manual

Please bear with us, generating the entire SAM for printing will take approximately two minutes.