STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

RA-5

Risk Assessment, Rev 5

Vulnerability Monitoring and Scanning

CCI Identifiers (14)

  • CCI-001054: Monitor and scan for vulnerabilities in the system and hosted applications on an organization-defined frequency and/or randomly in accordance with organization-defined process.
  • CCI-001055: Defines a frequency for scanning for vulnerabilities in the system and hosted applications, and/or randomly in accordance with organization-defined process.
  • CCI-001056: Monitor and scan for vulnerabilities in the system and hosted applications when new vulnerabilities potentially affecting the system/applications are identified and reported.
  • CCI-001057: Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for: enumerating platforms, software flaws, and improper configurations.
  • CCI-001058: Analyze vulnerability scan reports and results from vulnerability monitoring.
  • CCI-001059: Remediate legitimate vulnerabilities in organization-defined response times in accordance with an organizational assessment risk.
  • CCI-001060: Defines response times for remediating legitimate vulnerabilities in accordance with an organization assessment of risk.
  • CCI-001061: Share information obtained from the vulnerability monitoring process and control assessments with organization-defined personnel or roles to help eliminate similar vulnerabilities in other systems.
  • CCI-001641: Defines the process for conducting random vulnerability scans on the system and hosted applications.
  • CCI-001643: Monitor and scan for vulnerabilities in the system and hosted applications in accordance with the organization-defined process for random scans.
  • CCI-002376: Defines the personnel or roles with whom the information obtained from the vulnerability monitoring process and control assessments will be shared.
  • CCI-004634: Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for: formatting checklists and test procedures.
  • CCI-004635: Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for: measuring vulnerability impact.
  • CCI-004636: Employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned.

Linked STIG Checks (0)

No STIG checks reference this control.