ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded

Implementation Examples

Ex1: Use vulnerability management technologies to identify unpatched and misconfigured software

Ex2: Assess network and system architectures for design and implementation weaknesses that affect cybersecurity

Ex3: Review, analyze, or test organization-developed software to identify design, coding, and default configuration vulnerabilities

Ex4: Assess facilities that house critical computing assets for physical vulnerabilities and resilience issues

Ex5: Monitor sources of cyber threat intelligence for information on new vulnerabilities in products and services

Ex6: Review processes and procedures for weaknesses that could be exploited to affect cybersecurity