NIST 800-53 REV 5 • RISK ASSESSMENT

RA-5(6) Automated Trend Analyses

Compare the results of multiple vulnerability scans using [Assignment: organization-defined automated mechanisms].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Using automated mechanisms to analyze multiple vulnerability scans over time can help determine trends in system vulnerabilities and identify patterns of attack.

Practitioner Notes

Automated trend analysis tracks your vulnerability data over time to identify patterns — are things getting better or worse? Which systems are chronically vulnerable? Which vulnerabilities keep coming back after remediation?

Example 1: Configure your vulnerability scanner to generate trend reports showing: total vulnerabilities by severity over the last 12 months, average time to remediate by severity, and systems with the most recurring findings. Present these trends to leadership monthly to demonstrate improvement or highlight areas needing attention.

Example 2: Export your scan data into Power BI and build dashboards that show vulnerability trends by system, team, severity, and age. Use the data to identify systemic issues — if one department always has the most critical findings, investigate whether they need more resources, training, or better patching processes.
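The three trend metrics named in Example 1 can be computed directly from exported scan rows. The sketch below is an added example, not part of NIST's text or any scanner's own tooling. The row layout, host names and `VULN-*` ids are constructed assumptions, and it assumes every host is covered by every scan.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample export: one row per finding that was open in a given scan.
# The column layout and the VULN-* ids are assumptions, not a real scanner format.
ROWS = [
    ("2024-01-01", "web01", "VULN-A", "critical"),
    ("2024-02-01", "web01", "VULN-A", "critical"),
    ("2024-04-01", "web01", "VULN-A", "critical"),  # reappears after a clean March scan
    ("2024-01-01", "db01", "VULN-B", "high"),
    ("2024-02-01", "db01", "VULN-C", "critical"),
    ("2024-03-01", "db01", "VULN-C", "critical"),
] + [(d, "app01", "VULN-D", "medium")
     for d in ("2024-01-01", "2024-02-01", "2024-03-01", "2024-04-01")]


def analyze(rows):
    """Return (severity counts per scan, recurring findings, mean days to remediate)."""
    dates = sorted({r[0] for r in rows})
    counts = {d: Counter() for d in dates}
    open_in = defaultdict(set)          # (host, finding) -> scan dates where it was open
    severity = {}
    for d, host, finding, sev in rows:
        counts[d][sev] += 1
        open_in[(host, finding)].add(d)
        severity[(host, finding)] = sev

    recurring, days = [], defaultdict(list)
    for key, present in open_in.items():
        start, episodes = None, 0
        for d in dates:
            if d in present and start is None:
                start, episodes = d, episodes + 1      # finding (re)opens
            elif d not in present and start is not None:
                # Closed: measured from first scan that saw it to first scan without it.
                # Assumes the host was covered by this scan; a skipped host looks "fixed".
                delta = date.fromisoformat(d) - date.fromisoformat(start)
                days[severity[key]].append(delta.days)
                start = None
        if episodes > 1:
            recurring.append(key)
    mttr = {sev: sum(v) / len(v) for sev, v in days.items()}
    return counts, sorted(recurring), mttr


if __name__ == "__main__":
    counts, recurring, mttr = analyze(ROWS)
    for d, c in counts.items():
        print(d, dict(c))
    print("recurring:", recurring)
    print("mean days to remediate:", mttr)
```

Findings that are still open at the last scan, such as the medium finding on `app01`, contribute nothing to the remediation average, so track their age separately.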