- Manage “What is on the network?”: Identifies the existence of hardware, software, configuration characteristics and known security vulnerabilities.
- Manage “Who is on the network?”: Identifies and determines the users or systems with access authorization, authenticated permissions and granted resource rights.
- Manage “How is the network protected?”: Determines the user/system actions and behavior at the network boundaries and within the computing infrastructure.
- Manage “What is happening on the network?”: Prepares for events/incidents, gathers data from appropriate sources; and identifies incidents through analysis of data.
- Emerging Tools and Technology: Includes CDM cybersecurity tools and technology not in any other subcategory.
- Regularly scan technical controls by using scanning tools (AppScan, AppDetective, Nessus, etc.)
- Meet regularly with System Owners to discuss (CDM meeting) scan results (vulnerabilities identified using tools) and POAM (weaknesses from SA&A)
- Regularly update POAM, SSP and SAR accordingly
- Frequency of assessment and reporting are mostly defined in the ISCM strategy