Vulnerability Mgmt
Identify and manage vulnerabilities in organizational assets.
9 of 9 frameworks cover this control
Framework Mappings
How Vulnerability Mgmt maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | ID.RA-01 |
| ISO 27001 | Covered | A.8.8 |
| CIS v8 | Covered | CIS 7.1, CIS 7.2, CIS 7.4 |
| SOC 2 | Covered | CC7.1 |
| PCI DSS | Covered | 6.3.1, 6.3.3, 11.3.1, 11.3.2 |
| CMMC | Covered | RA.L2-3.11.2, SI.L2-3.14.1 |
| 800-53 | Covered | RA-5, SI-2, SI-5 |
| HIPAA | Covered | §164.308(a)(1)(ii)(A), §164.308(a)(8) |
| GDPR | Covered | Art.32(1)(d) |
About Vulnerability Mgmt
Vulnerability Mgmt is a cybersecurity control in the Identify domain whose objective is to identify and manage vulnerabilities in organizational assets. Vulnerability management is a continuous process of discovering, prioritizing, and remediating security weaknesses across an organization's infrastructure, applications, and endpoints. Effective programs use automated scanning tools to identify vulnerabilities, risk-based prioritization (such as CVSS scores combined with asset criticality and exploit availability) to focus remediation effort, and defined SLAs for patching timelines. Regular vulnerability assessments and penetration tests validate that remediation is effective and that new vulnerabilities are identified promptly.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.
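The risk-based prioritization and patch-SLA process described in the About section, as an added Python example (not ControlMap's code): a CVSS base score is scaled by asset criticality, raised when an exploit is available, mapped to a priority tier, and checked against that tier's patch SLA. The weighting, the SLA days, and the asset names and CVE identifiers are constructed placeholders, not values from the page.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Patch SLA per priority tier, in days. Constructed policy values for the
# example; a real program sets these from its own risk appetite.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

@dataclass
class Finding:
    asset: str
    cve: str               # placeholder identifier, constructed for the example
    cvss: float            # CVSS base score, 0.0 to 10.0
    criticality: int       # asset criticality, 1 (low) to 5 (business critical)
    exploit_available: bool  # public exploit or known-exploited status
    found_on: str          # ISO date on which the scanner first reported it

def risk_score(f: Finding) -> float:
    """CVSS scaled by asset criticality, plus a bonus when an exploit exists.
    The weighting is an assumption for illustration; the result is capped at 10."""
    score = f.cvss * (f.criticality / 5)
    if f.exploit_available:
        score += 2.0
    return min(round(score, 1), 10.0)

def priority(score: float) -> str:
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    return "medium" if score >= 4.0 else "low"

def due_date(f: Finding) -> str:
    """Remediation deadline: discovery date plus the tier's SLA."""
    tier = priority(risk_score(f))
    return (date.fromisoformat(f.found_on) + timedelta(days=SLA_DAYS[tier])).isoformat()

def triage(findings: list[Finding], today: str) -> list[dict]:
    """Order findings by risk and flag those past their patch SLA (ISO dates compare as strings)."""
    rows = []
    for f in findings:
        score, due = risk_score(f), due_date(f)
        rows.append({"asset": f.asset, "cve": f.cve, "score": score,
                     "priority": priority(score), "due": due, "overdue": today > due})
    return sorted(rows, key=lambda r: (-r["score"], r["due"]))

# Constructed sample scanner output, not real findings.
SAMPLE_FINDINGS = [
    Finding("lab-vm-07", "CVE-0000-0001", 9.8, 1, False, "2024-01-01"),
    Finding("payments-db", "CVE-0000-0002", 6.5, 4, True, "2024-01-01"),
    Finding("intranet-web", "CVE-0000-0003", 7.5, 3, False, "2024-01-01"),
    Finding("vpn-gateway", "CVE-0000-0004", 9.8, 5, True, "2024-01-01"),
]
```

Note that the 9.8 finding on the low-value lab VM lands in the lowest tier while the 6.5 finding on the exploited payments database ranks high, which is the point of combining CVSS with asset criticality and exploit availability rather than patching by CVSS alone.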