Vulnerability Management Policy Template for CIS Control 7

Cybersecurity professionals are constantly challenged by attackers actively searching for vulnerabilities within enterprise infrastructure to exploit and gain access. Defenders must leverage timely threat information available to them about software updates, patches, security advisories, threat bulletins, etc., and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring focus of time, attention, and resources.

This policy template is meant to supplement the CIS Controls v8. The policy statements included within this document can be used by all CIS Implementation Groups (IGs), but are specifically geared towards Safeguards in Implementation Group 1 (IG1).