SB.18.003 Automated Vulnerability Scanning
Network connected IT systems are subjected to automatic vulnerability scanning at least once per month.
Scanning occurs authenticated where possible.
Use authenticated scanning. Report findings with a ratings such as Low/Medium/High to help prioritize.
Use a special account and systems for performing security checks that can easily be distinguished in the monitoring.