CSCv6|4.8

Title

Establish a process to risk-rate vulnerabilities based on the exploitability and potential impact of the vulnerability.

Description

Establish a process to risk-rate vulnerabilities based on the exploitability and potential impact of the vulnerability, segmented by appropriate groups of assets (for example, DMZ servers, internal network servers, desktops, laptops). Apply patches for the riskiest vulnerabilities first. A phased rollout can be used to minimize the impact on the organization. Establish expected patching timelines based on the risk rating level.

Reference Item Details

Category: Continuous Vulnerability Assessment and Remediation

Family: System

Audit Items