Network-connected IT systems are subjected to automatic vulnerability scanning at least once per month.
Scans are authenticated where possible.
Specification
Use authenticated scanning. Report findings with a rating such as Low/Medium/High to help prioritize.
Use a special account and special systems for performing security checks, so that they can easily be distinguished in the monitoring.
ISO 27001 & 27002:2022
A5.7, A8.7, A8.8
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.07 Threat and Vulnerability Management