Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
ID.RA-01.6: Vulnerabilities shall be identified and managed in all relevant assets, including soft- ware, network and system architectures, and facilities. |
|
ID.RA-01.6 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p66 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p47 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that vulnerabilities are systematically identified and managed across all relevant assets, including software, network and system architectures, and physical facilities. This builds on control ID.RA-01.1, which focuses on identifying both threats and vulnerabilities to support risk reduction. To achieve this goal, the organisation should: • Extend the Scope ofVulnerability Management Vulnerability identification and remediation should cover all relevant assets, including IT and OT systems, applications, network designs, and facilities that support critical operations. • Maintain a Dedicated Vulnerability Management Process A structured process should be in place to continuously track, assess, and mitigate vulnerabilities, distinct from threat intelligence activities. • Differentiate Between Threat Intelligence and Vulnerability Management Separate processes or evidence should be maintained to distinguish between identifying external threats (e.g. threat actors, campaigns) and managing internalweaknesses (e.g. unpatched systems, misconfigurations). • Integrate with Broader Risk Management The vulnerability management process should align with the organisation’s overall risk management frame- work and support timely decision-making. • Ensure OT-Specific Considerations In OT environments, vulnerability management should account for legacy systems, vendor dependencies, and operational constraints that may limit patching or scanning options. |
|
A general note, for any purpose. |
The goal of this control is to ensure that vulnerabilities are systematically identified and managed across all relevant assets, including software, network and system architectures, and physical facilities. This builds on control ID.RA-01.1, which focuses on identifying both threats and vulnerabilities to support risk reduction. To achieve this goal, the organisation should: - Extend the Scope ofVulnerability Management Vulnerability identification and remediation should cover all relevant assets, including IT and OT systems, applications, network designs, and facilities that support critical operations. - Maintain a Dedicated Vulnerability Management Process A structured process should be in place to continuously track, assess, and mitigate vulnerabilities, distinct from threat intelligence activities. - Differentiate Between Threat Intelligence and Vulnerability Management Separate processes or evidence should be maintained to distinguish between identifying external threats (e.g. threat actors, campaigns) and managing internalweaknesses (e.g. unpatched systems, misconfigurations). - Integrate with Broader Risk Management The vulnerability management process should align with the organisation’s overall risk management frame- work and support timely decision-making. - Ensure OT-Specific Considerations In OT environments, vulnerability management should account for legacy systems, vendor dependencies, and operational constraints that may limit patching or scanning options. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that vulnerabilities are systematically identified and managed across all relevant assets, including software, network and system architectures, and physical facilities. This builds on control ID.RA-01.1, which focuses on identifying both threats and vulnerabilities to support risk reduction. To achieve this goal, the organisation should:</p><ul><li>Extend the Scope ofVulnerability Management Vulnerability identification and remediation should cover all relevant assets, including IT and OT systems, applications, network designs, and facilities that support critical operations.</li><li>Maintain a Dedicated Vulnerability Management Process A structured process should be in place to continuously track, assess, and mitigate vulnerabilities, distinct from threat intelligence activities.</li><li>Differentiate Between Threat Intelligence and Vulnerability Management Separate processes or evidence should be maintained to distinguish between identifying external threats (e.g. threat actors, campaigns) and managing internalweaknesses (e.g. unpatched systems, misconfigurations).</li><li>Integrate with Broader Risk Management The vulnerability management process should align with the organisation’s overall risk management frame- work and support timely decision-making.</li><li>Ensure OT-Specific Considerations In OT environments, vulnerability management should account for legacy systems, vendor dependencies, and operational constraints that may limit patching or scanning options.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to ensure that vulnerabilities are systematically identified and managed across all relevant assets, including software, network and system architectures, and physical facilities. This builds on control ID.RA-01.1, which focuses on identifying both threats and vulnerabilities to support risk reduction. To achieve this goal, the organisation should: - Extend the Scope ofVulnerability Management Vulnerability identification and remediation should cover all relevant assets, including IT and OT systems, applications, network designs, and facilities that support critical operations. - Maintain a Dedicated Vulnerability Management Process A structured process should be in place to continuously track, assess, and mitigate vulnerabilities, distinct from threat intelligence activities. - Differentiate Between Threat Intelligence and Vulnerability Management Separate processes or evidence should be maintained to distinguish between identifying external threats (e.g. threat actors, campaigns) and managing internalweaknesses (e.g. unpatched systems, misconfigurations). - Integrate with Broader Risk Management The vulnerability management process should align with the organisation’s overall risk management frame- work and support timely decision-making. - Ensure OT-Specific Considerations In OT environments, vulnerability management should account for legacy systems, vendor dependencies, and operational constraints that may limit patching or scanning options. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
ID.RA-01.6 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Comprehensive vulnerability management |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Vulnerabilities shall be identified and managed in all relevant assets, including soft- ware, network and system architectures, and facilities. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1