3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.
To go back to the NIST 800-171 Controls page, click here.
Guides
- SANS Institute – Implementing a Vulnerability Management Process
- SANS Institute – Vulnerabilities & Vulnerability Scanning
- SANS Institute – Implementing Vulnerability Scanning in a Large Organization
- NIST SP 800-115 – Technical Guide to Information Security Testing
- Qualys Security and Compliance Suite Rollout Guide
- Nessus User Guide
- TrustWave Vulnerability Management User Guide
Example Tools
Sample Policy & Procedures
Additional Lessons Learned
Videos
- BrightTALK – Rethinking Vulnerability Management
- BrightTALK – Is Your Vulnerability Management Program Vulnerable? Part 1
- BrightTALK – Is Your Vulnerability Management Program Vulnerable? Part 2
- BrightTALK – Effective Patch Management with Qualys Guard