RA - Risk Assessment

  • Controls Count: 1
  • Controls IDs: RA-5 (4)

Controls

RA-5 (4): Discoverable Information

Determine information about the system that is discoverable and take the defined corrective actions when information about the system is discoverable.

Discoverable information includes information that adversaries could obtain without compromising or breaching the system, such as by collecting information that the system is exposing or by conducting extensive web searches. Corrective actions include notifying appropriate organizational personnel, removing designated information, or changing the system to make the designated information less relevant or attractive to adversaries. This enhancement excludes intentionally discoverable information that may be part of a decoy capability (e.g., honeypots, honeynets, or deception nets) deployed by the organization.

Assessment objectives (determine if):

  • corrective actions to be taken if information about the system is discoverable are defined;
  • information about the system is discoverable;
  • the defined corrective actions are taken when information about the system is confirmed as discoverable.

Examine:

  • procedures addressing vulnerability scanning
  • assessment report
  • penetration test results
  • vulnerability scanning results
  • risk assessment report
  • records of corrective actions taken
  • incident response records
  • audit records
  • system security plan
  • other relevant documents or records

Interview:

  • organizational personnel with vulnerability scanning and/or penetration testing responsibilities
  • organizational personnel with vulnerability scan analysis responsibilities
  • organizational personnel responsible for risk response
  • organizational personnel responsible for incident management and response
  • organizational personnel with security responsibilities

Test:

  • organizational processes for vulnerability scanning
  • organizational processes for risk response
  • organizational processes for incident management and response
  • mechanisms/tools supporting and/or implementing vulnerability scanning
  • mechanisms supporting and/or implementing risk response
  • mechanisms supporting and/or implementing incident management and response