Control: ism-1163; Revision: 9; Updated: Jun-23; Applicability: ALL; Essential Eight: N/A
Systems have a continuous monitoring plan that includes:
- conducting vulnerability scans for systems at least fortnightly
- conducting vulnerability assessments and penetration tests for systems prior to deployment, including prior to deployment of significant changes, and at least annually thereafter
- analysing identified security vulnerabilities to determine their potential impact
- implementing mitigations based on risk, effectiveness and cost.