Performing Vulnerability Management Activities
This chapter covers the following topics:
Vulnerability Scans: This section covers credentialed vs. non-credentialed scans, agent-based/server-based scans, criticality ranking, and active vs. passive scans.
Security Content Automation Protocol (SCAP): This section describes Extensible Configuration Checklist Description Format (XCCDF), Open Vulnerability and Assessment Language (OVAL), Common Platform Enumeration (CPE), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Configuration Enumeration (CCE), and Asset Reporting Format (ARF).
Self-assessment vs. Third-Party Vendor Assessment: This section compares and contrasts these two approaches ...