usnistgov / blossom-oscal

OSCAL content that supports the BloSS@M project.

OSCAL SSP Content: RA-5 Vulnerability Monitoring and Scanning #24

Open Compton-US opened 2 years ago

Compton-US commented 2 years ago

Document the plan of implementation for each component identified in the Component Definition Issue. Work content into a snippet for the OSCAL model.

nbg84 commented 2 years ago

RA-5 VULNERABILITY MONITORING AND SCANNING enhancements to be considered for selection.

RA-5(2) VULNERABILITY MONITORING AND SCANNING | UPDATE VULNERABILITIES TO BE SCANNED: Update system vulnerabilities prior to conducting scans.

RA-5(5) VULNERABILITY MONITORING AND SCANNING | PRIVILEGED ACCESS: Implement privileged access authorization to system components for conducting vulnerability scans.

RA-5(11) VULNERABILITY MONITORING AND SCANNING | PUBLIC DISCLOSURE PROGRAM: Establish a public reporting channel for receiving reports of vulnerabilities in systems and components.