Essential Cybersecurity Controls (ECC – 2 : 2024) - Vulnerabilities Management; Documentation and Requirements - Lake Ridge

Compliance Solutions

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Learn More

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More
About
Contact

Login

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-10-1

Cybersecurity requirements for technical vulnerabilities management must be defined, documented and approved

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-10-2

The cybersecurity requirements for technical vulnerabilities management must be implemented.

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-10-3

The cybersecurity requirements for technical vulnerabilities management must include at least the following:

Periodic vulnerabilities assessments.
Vulnerabilities classification based on criticality level.
Vulnerabilities remediation based on classification and associated risk levels.
Security patch management.
Subscription with authorized and trusted cybersecurity resources for up-to-date information and notifications on technical vulnerabilities.

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-10-4

The cybersecurity requirements for technical vulnerabilities management must be reviewed periodically.

View Requirement