CIS-8.1.7.5 — Perform Automated Vulnerability Scans of Internal Enterprise Assets

Domain: CIS Control 7 | Safeguard: CIS-8.1.7.5 | Asset Class: Software | Security Function: Identify | Source: CIS Controls v8.1.2 (March 2025) | Implementation Groups: IG1 IG2 IG3

Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans.
Executive Summary (For Leadership and the Board)
CIS Safeguard CIS-8.1.7.5 sits inside Control 7 (Software / Identify). The Safeguard is most rigorously expected at IG3. Mature programs treat this as a measured, recertified, and audit-evidenced control rather than a one-time configuration. The Safeguard maps to NIST SP 800-53 Rev. 5 CM-7 (Least Functionality), CM-10/11 (Software Usage / User-Installed Software), SI-7 (Integrity) and to NIST CSF 2.0 ID.AM, PR.PS (Platform Security).
Executive Risk Lens: Verizon DBIR and Mandiant M-Trends reporting consistently identifies software-class control gaps as a leading enabler of ransomware lateral movement, supply-chain compromise, and undetected dwell time. A mature program treats Safeguard CIS-8.1.7.5 as one of the early indicators of overall control health, because dependent Safeguards inherit its quality.
How Northern Data Solutions Helps You Implement CIS-8.1.7.5
| Service | What It Does |
|---|---|
| Cyberwatch — Risk Identification | Third-party SBOM verification, dependency-vulnerability validation, and shadow-IT enumeration. |
| Compliance-as-a-Service | Software inventory and SBOM evidence mapped to CIS-CSAT controls. |
Contact: northerndatasolutions.com/contact