CIS Controls v8

CIS 7 Continuous Vulnerability Management

Starts in IG1 | Identify and remediate vulnerabilities through recurring cycles.

Implementation Actions

Run authenticated scans.
Prioritize by severity and exploitability.
Track exceptions with review dates.

Evidence Examples

Scan reports
Remediation backlog
Risk exception log

Suggested Metrics

Critical vulnerability MTTR
SLA compliance by severity

Navigation

Back to All 18 CIS Controls NIST CSF 2.0 Guidance FedRAMP Guidance Cybersecurity Glossary