Vulnerability Management
Effective vulnerability management can reduce risk to CX Index’s computing environment by verifying that systems or network devices are using current patch levels, are not running unnecessary services, and do not have default passwords.
CX Index shall run vulnerability scans against any systems containing (or accessing systems that contain) confidential data on a regular basis.
CX Index shall contract with a trusted third party to run external vulnerability scans against any Internet-facing systems on quarterly regular basis.