Vulnerability management
Vulnerability management helps find and fix cyber weaknesses across Defence and its supply chain.
Vulnerability management activities include:
- responding to advisories, alerts and directives, such as those issued by MODCERT
- tracking known vulnerabilities in the software stack
- performing vulnerability scanning
- patching affected systems
- renewing or replacing security systems as they become depreciated
Capabilities should make sure findings from security tests, including vulnerability analysis, are reviewed and managed appropriately.
Guidance and resources from the NCSC are available to support vulnerability management.
Benefits
Reduces risk as vulnerabilities are fixed promptly and proportionately.
Outcomes
Outcomes of vulnerability management could include:
- vulnerability management policy
- vulnerability assessments
- mitigation plans
Responsibility
Who is responsible for vulnerability management:
- Senior Responsible Owner (SRO), or suitable equivalent
- delivery team lead
- delivery team
When to carry out vulnerability management
You should carry out vulnerability management throughout the capability’s lifecycle.