...
- Patching ensures that systems are running the most recent, secure versions to guard against exploits targeting a platform or application.
- Configuration benchmarking helps guard against attacks that take advantage of insecure or sloppy configuration settings (e.g., failure to disable unused services/ports, deprecated protocols, and sample scripts, or to change default passwords). This is an attack vector just as serious as an unpatched application or operating system.
...
- Identify all system, service, software, and configuration vulnerabilities in assets with services accessible from the University network.
- Schedule automatic updates of vulnerability policies to occur without user interaction.
- Schedule vulnerability assessments to occur without user interaction.
- Allow detailed assessments using agents installed on systems. As an alternative to the preferred agent-based scans, credentialed scans can be conducted.
- Allow administrators to tailor assessments as internal, external, credentialed, or agent-based, according to the asset group.
Compliance Checks
- The solution should facilitate compliance with the following CIS Critical Controls:
  - Inventory of Authorized and Unauthorized Software (#2)
  - Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers (#3)
  - Continuous Vulnerability Assessment and Remediation (#4)
  - Secure Configurations for Network Devices such as Firewalls, Routers, and Switches (#11)
- Allow targeted assessments of asset groups according to:
  - Compliance requirements for the assets: HIPAA, PCI, FERPA, etc.
  - System software: Windows, Mac OS X, Cisco, Juniper, all major variants of Linux, etc.
  - Network services: Web, Database, File sharing, RPC, NTP, SSH, Remote Desktop, DNS, LDAP, etc.
...