5.01-Vulnerability Scans

Task

Update the initial supported Mission Partner (MP) vulnerability assessment (VA) (scan).

Conditions

Given an IR Team deployed supporting a designated MP in Cyber Incident Recovery.

Standards

In coordination with the supported MP, the DCO-E should:

  • Review the initial VA and document any/all changes made to improve security
  • Conduct a port scan and document deltas with original scans
  • Conduct a vulnerability scan and document deltas with the original scans
  • As needed, conduct a web application vulnerability scan (e.g. Burp Suite) and document deltas
  • As needed, test firewalls, IDS/IPS, proxies and boundary defense appliance configurations and document deltas
  • Provide End of Assessment Nessus Report
  • Additional assessments as needed

End State

The IR Team provides an updated VA & scan to the supported mission partner in order to document any actions taken during the Eradication and Recovery phases.

Notes

Depending on the severity and/or complexity of the cyber incident, the DCO-E may consider conducting another full vulnerability assessment. At a minimum, full network/system scans with tools such as Nmap, OpenVAS, Nessus, or others are critical.
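
One way to document the port-scan deltas called for in the Standards, as an added example that is not part of the original task card: it compares two Nmap XML reports (`-oX` output) and lists ports closed, ports newly open, services that changed, and hosts missing from the rescan. The function names and both sample reports are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (not real scan output) in the `nmap -oX` XML format.
ORIGINAL_XML = """<nmaprun>
<host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
</ports></host>
<host><address addr="10.0.0.9" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host></nmaprun>"""
RESCAN_XML = """<nmaprun>
<host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http"/></port>
</ports></host></nmaprun>"""

def parse_scan(xml_text):
    """Return (hosts seen, {(host, proto, port): service}) for ports in state 'open'.
    Uses the IP address element; Nmap may also record a MAC address per host."""
    hosts, ports = set(), {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") != "mac"), None)
        if addr is None:
            continue
        hosts.add(addr)
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is not None and state.get("state") == "open":
                key = (addr, port.get("protocol"), int(port.get("portid")))
                ports[key] = svc.get("name", "unknown") if svc is not None else "unknown"
    return hosts, ports

def scan_delta(original_xml, rescan_xml):
    """Compare the original VA scan with the post-recovery rescan."""
    old_hosts, old = parse_scan(original_xml)
    new_hosts, new = parse_scan(rescan_xml)
    return {
        "closed": sorted(old.keys() - new.keys()),
        "opened": sorted(new.keys() - old.keys()),
        "service_changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
        # A host absent from the rescan may be down or filtered, not remediated.
        "hosts_missing": sorted(old_hosts - new_hosts),
    }

if __name__ == "__main__":
    print(scan_delta(ORIGINAL_XML, RESCAN_XML))
```

Ports listed under "closed" for a host that also appears under "hosts_missing" should be confirmed with the MP before being recorded as remediated.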

Manual Steps

Running Script

N/A

Dependencies

N/A

Other available tools

N/A

References

NIST Cyber Security Framework
NIST SP 800-184: Guide to Cyber Event Recovery
US CERT: Cyber Resilience Review Self Assessment Package

Revision History