Assured Compliance Assessment Solution (ACAS) 3.11 3.11.2 Risk Assessment
ACAS consists of a suite of products, including the Security Center, Nessus Scanner and the Nessus Network Monitor, which DISA provides to DoD customers at no cost.
The Cybersecurity and Infrastructure Security Agency offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework. These professional, no-cost assessments are provided upon request on a voluntary basis and can help any organization with managing risk and strengthening the cybersecurity of our Nation's critical infrastructure.
This NIST Special Publication is a guide to the basic technical aspects of conducting information security assessments.
The Open Web Application Security Project (OWASP) provides a list of commercial and free vulnerability scanning tools for various platforms.
This SANS whitepaper looks at how a vulnerability management process could be designed and implemented within an organization.
This SANS whitepaper discusses the benefits and pitfalls of vulnerability scanning and suggests an approach suitable for small and medium-sized businesses.
The policy below is an example from the state of Alabama of a vulnerability scanning policy.
This article from Tripwire discusses the four stages of a vulnerability management program.