Introduction and Purpose

This document details the vulnerability management policies and controls required to maintain high levels of system and application security in a diverse IT environment. It outlines the technology and procedures necessary for implementing a comprehensive, integrated program to detect and remediate vulnerabilities in operating systems, applications, mobile devices, cloud resources, and network devices to maintain maximum levels of security.

Vulnerability Management Solution & Remediation Service Levels

The primary vulnerability assessment solution is Retina CS Enterprise Vulnerability Management from BeyondTrust. Retina scans the network infrastructure for devices on a scheduled periodic basis and generates a report on the vulnerabilities identified across all assets.

Retina CS is capable of reporting and logically grouping results for a consistent workflow within the organization. This automated technology can adhere to other established processes for change control, ticketing, and asset security.

Upon receipt of the reports, the Operations Team is responsible for:

  • Reviewing the results
  • Providing a remediation via configuration changes or deploying security patches
  • Implementing other mitigating measures
  • Properly documenting any exceptions

Download for more.