Standard SEL
Interactive SEL
Canadian REL
IAB Interactive Standardized Equipment List
return to main tree
Search Interactive SEL:
[05NP-00-MDMS] Prev
[05NP-00-SIEM] Next
SEL Number:
05NP-00-SCAN
Title:
Tools, Vulnerability Scanning
Click here to check for SAVER documents related to this item.
Last Updated:
6/28/2022 10:28:34 AM
Previous SEL Number:
05NP-00-SCAN
Description:
Tools designed to identify security vulnerabilities on networks, databases, web applications or individual hosts on target networks.
ImportantFeatures:
Define target scan area by IP address, database instance or URL. Selectable scan criteria. Can detect vulnerable versions of services as well as improperly open ports. Some products can also conduct scans to check compliance against FDCC/USGCB, DoD STIGs and the CIS Benchmarks.
Products range from stand-alone software packages to dedicated network appliances with centralized management servers.
Operating Considerations:
Best use of these tools is recurring scans against established vulnerability baseline.
Use with caution - some tools can bring down target hosts. Suggest scanning a small representative subset of the target network or a non-production copy of the database or web application first to ensure that the scan is benign.
Note that because these scans are designed for the broadest possible detection, false positives will often be included in the results.
These tools do not simulate an attack. They merely identify known vulnerabilities. The best way to establish a "real" vulnerability baseline is through a third-party vulnerability assessment.
To achieve optimal results and reduce the number of false positives, these tools will need to conduct scans in an "authenticated" state, using a privileged account.
The level of reporting options may vary widely between products. Sample output should be examined prior to any purchase to ensure that any organizational auditing needs will be adequately met.
Training Requirements:
Core Training: Per Manufacturer's Specifications
Initial Training: Extensive (> 2 days)
Sustainment Training: Extensive (> 2 days)
Mandatory Standards:
Applicable Standards and References:
NIST SP 800-036, Guide to Selecting Information Security Products, Oct 2003 (WITHDRAWN, still available.)
NIST SP 800-083, Revision 1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops, July 2013