

Privileged credentials – A local or network account or a process with sufficient access to enumerate system configurations and software components across an entire asset. Vulnerability enumeration typically requires privileged access to gain full visibility at the application and configuration levels. Poisoning and machine-in-the-middle type attacks commonly target accounts with elevated privileges, including those used for vulnerability enumeration. Administrators must apply the principle of least privilege and/or separation of duties on the accounts used for vulnerability enumeration.

Vulnerability enumeration – A technique to list host attributes (e.g., operating systems, applications, and open ports) and associated vulnerabilities. Data requirements to satisfy this objective will be published in a common data schema and made available to every Federal agency.
Vulnerability enumeration performance data – Otherwise referred to as scanning logs, vulnerability enumeration performance data describes data points or measurements that provide visibility on the level of performance relative to the requirements in this directive, using automation and machine-level data (e.g., logs/events indicating successful credentialed enumeration completion, date/timestamps surrounding enumeration activities, and signature/plug-in update date/timestamps).
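As an added illustration (not part of the CISA guidance or any scanner product), the script below derives two of the data points this definition names from constructed scanner log lines: the most recent successful credentialed enumeration completion per host, and the age of the last signature/plug-in update. The log format, field names and sample values are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample scanner log lines (not from any real product; the
# key=value format and field names are assumptions made for this example).
SAMPLE_LOGS = """\
2024-05-01T00:30:00Z scanner=s1 event=plugin_update status=success
2024-05-01T02:00:10Z host=web01 event=enum_start credentialed=true
2024-05-01T02:14:42Z host=web01 event=enum_complete credentialed=true status=success
2024-05-01T02:25:31Z host=db02 event=enum_complete credentialed=false status=success
2024-05-02T03:05:12Z host=app03 event=enum_complete credentialed=true status=failed reason=auth_denied
"""

def parse_line(line):
    """Split '<ISO-8601 UTC timestamp> k=v k=v ...' into a dict; None if malformed."""
    ts, _, rest = line.strip().partition(" ")
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    fields["ts"] = when
    return fields

def performance_data(log_text, now):
    """Derive the data points the definition names: per host, days since the most
    recent successful *credentialed* enumeration completion (None if there was
    none), and hours since the latest successful plug-in/signature update."""
    last_cred_ok, last_update = {}, None
    for raw in log_text.splitlines():
        f = parse_line(raw)
        if f is None:
            continue
        if f.get("event") == "enum_complete" and "host" in f:
            host = f["host"]
            last_cred_ok.setdefault(host, None)  # host is seen even if never credentialed
            if f.get("status") == "success" and f.get("credentialed") == "true":
                prev = last_cred_ok[host]
                if prev is None or f["ts"] > prev:
                    last_cred_ok[host] = f["ts"]
        elif f.get("event") == "plugin_update" and f.get("status") == "success":
            if last_update is None or f["ts"] > last_update:
                last_update = f["ts"]
    hosts = {h: (None if t is None else (now - t).total_seconds() / 86400)
             for h, t in last_cred_ok.items()}
    update_age = None if last_update is None else (now - last_update).total_seconds() / 3600
    return {"days_since_credentialed_enum": hosts, "signature_update_age_hours": update_age}

if __name__ == "__main__":
    print(performance_data(SAMPLE_LOGS, datetime(2024, 5, 3, tzinfo=timezone.utc)))
```

An uncredentialed completion (db02) and a failed credentialed attempt (app03) both leave the host with no credentialed-success timestamp, which is the condition a reviewer of scanning logs would flag.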

The purpose of this document is to help federal agencies interpret and implement CISA’s Binding Operational Directive (BOD) 23-01. While the primary audience for this document is Federal Civilian Executive Branch (FCEB) agencies, other entities may find the content useful. At a minimum, CISA expects FCEB agencies to meet or exceed the guidance in this document. The guidance seeks to answer the most common questions asked by federal agencies. CISA will update this document with commonly asked questions and as new information becomes available.
