Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
ID.RA-01.2: A process shall be established to continuously monitor, identify, and document vul- nerabilities of the organisation's business critical systems. |
|
ID.RA-01.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p63 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p45 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that vulnerabilities in business-critical systems are continuously identified, monitored, and documented to support timely risk mitigation and maintain operational resilience. To achieve this goal, the organisation should:</p><ul><li>Use Vulnerability Scanning Where Safe Vulnerability scanning should be applied to IT and OT systems where it does not disrupt operations or com- promise safety. Passive or non-intrusive methods should be preferred in OT environments.</li><li>DeployVulnerability Management Tools Tools should be used to detect unpatched software, misconfigurations, and outdated firmware across both IT and OT assets.</li><li>Assess Architectures for Weaknesses Network and system architectures, including segmentation, remote access paths, and legacy components, should be reviewed for design flaws that could expose OT systems to cyber threats.</li><li>Monitor Threat Intelligence Sources Public and private sources of cyber threat intelligence should be monitored for vulnerabilities affecting OT products, industrial control systems (ICS), and vendor-specific technologies.</li><li>Review Organisation-Developed Software Custom applications, including those used in OT environments (e.g. HMIs, PLC logic), should be analysed and tested for insecure coding practices and default configurations.</li><li>Evaluate Operational Procedures Processes and procedures, especiallythose involving remote access, maintenance, and emergencyoperations, should be reviewed for exploitable weaknesses that could impact OT system integrity.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to ensure that vulnerabilities in business-critical systems are continuously identified, monitored, and documented to support timely risk mitigation and maintain operational resilience. To achieve this goal, the organisation should: - Use Vulnerability Scanning Where Safe Vulnerability scanning should be applied to IT and OT systems where it does not disrupt operations or com- promise safety. Passive or non-intrusive methods should be preferred in OT environments. - DeployVulnerability Management Tools Tools should be used to detect unpatched software, misconfigurations, and outdated firmware across both IT and OT assets. - Assess Architectures for Weaknesses Network and system architectures, including segmentation, remote access paths, and legacy components, should be reviewed for design flaws that could expose OT systems to cyber threats. - Monitor Threat Intelligence Sources Public and private sources of cyber threat intelligence should be monitored for vulnerabilities affecting OT products, industrial control systems (ICS), and vendor-specific technologies. - Review Organisation-Developed Software Custom applications, including those used in OT environments (e.g. HMIs, PLC logic), should be analysed and tested for insecure coding practices and default configurations. - Evaluate Operational Procedures Processes and procedures, especiallythose involving remote access, maintenance, and emergencyoperations, should be reviewed for exploitable weaknesses that could impact OT system integrity. |
|
A general note, for any purpose. |
The goal of this control is to ensure that vulnerabilities in business-critical systems are continuously identified, monitored, and documented to support timely risk mitigation and maintain operational resilience. To achieve this goal, the organisation should: - Use Vulnerability Scanning Where Safe Vulnerability scanning should be applied to IT and OT systems where it does not disrupt operations or com- promise safety. Passive or non-intrusive methods should be preferred in OT environments. - DeployVulnerability Management Tools Tools should be used to detect unpatched software, misconfigurations, and outdated firmware across both IT and OT assets. - Assess Architectures for Weaknesses Network and system architectures, including segmentation, remote access paths, and legacy components, should be reviewed for design flaws that could expose OT systems to cyber threats. - Monitor Threat Intelligence Sources Public and private sources of cyber threat intelligence should be monitored for vulnerabilities affecting OT products, industrial control systems (ICS), and vendor-specific technologies. - Review Organisation-Developed Software Custom applications, including those used in OT environments (e.g. HMIs, PLC logic), should be analysed and tested for insecure coding practices and default configurations. - Evaluate Operational Procedures Processes and procedures, especiallythose involving remote access, maintenance, and emergencyoperations, should be reviewed for exploitable weaknesses that could impact OT system integrity. |
|
A general note, for any purpose. |
The goal of this control is to ensure that vulnerabilities in business-critical systems are continuously identified, monitored, and documented to support timely risk mitigation and maintain operational resilience. To achieve this goal, the organisation should: • Use Vulnerability Scanning Where Safe Vulnerability scanning should be applied to IT and OT systems where it does not disrupt operations or com- promise safety. Passive or non-intrusive methods should be preferred in OT environments. • DeployVulnerability Management Tools Tools should be used to detect unpatched software, misconfigurations, and outdated firmware across both IT and OT assets. • Assess Architectures for Weaknesses Network and system architectures, including segmentation, remote access paths, and legacy components, should be reviewed for design flaws that could expose OT systems to cyber threats. • Monitor Threat Intelligence Sources Public and private sources of cyber threat intelligence should be monitored for vulnerabilities affecting OT products, industrial control systems (ICS), and vendor-specific technologies. • Review Organisation-Developed Software Custom applications, including those used in OT environments (e.g. HMIs, PLC logic), should be analysed and tested for insecure coding practices and default configurations. • Evaluate Operational Procedures Processes and procedures, especiallythose involving remote access, maintenance, and emergencyoperations, should be reviewed for exploitable weaknesses that could impact OT system integrity. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
ID.RA-01.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Continuous vulnerability monitoring |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
A process shall be established to continuously monitor, identify, and document vul- nerabilities of the organisation's business critical systems. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1