Supporting documents: Full policy - Standard
The operating system or environment for all information system resources
must undergo a regular vulnerability assessment.
Vulnerabilities to the operating system or environment for information
system resources must be identified and corrected to minimize the risks
associated with them.
To ensure these vulnerabilities are adequately addressed, the operating
system or environment for all information system resources must undergo a
regular vulnerability assessment.
The frequency of these vulnerability assessments will be dependant on the
operating system or environment, the information system resource
classification, and the data classification of the data associated with the
information system resource.
See the Vulnerability Testing Standard to help determine the frequency of vulnerability assessments.
Contact the IT Service Desk using the Service Request form for assistance with vulnerability assessments. Upon submission, this form creates a record in our tracking system and it will be routed to the appropriate resource for action.