Technology Procedure Categories
IT Vulnerability Identification and Remediation policy
This procedure outlines the process for regular scanning for and radiation of network security vulnerabilities.
When Was This Policy Written?
March 18, 2017
When Was This Policy Updated?
Who Should Read This Procedure?
WSC NATS staff
On a monthly basis, NATS communications team staff will perform an external scan of all WSC and NSCS owned public IP address space using a scanning appliance located external to the WSC network.
Vulnerabilities will be remediated by NATS Service Owners. In the case of false positives, Service Owners can provide a written justification for why the scan isn’t representing a real threat to be held on file with the Information Security Program Coordinator.
Critical vulnerabilities must be remediated within 5 business days of the distribution of the scanning report.
High vulnerabilities must be remediated within 10 business days of the distribution of the scanning report.
Last Updated: 5/22/2017