VA (Vulnerability Assessment) scanning and reporting
April 14, 2010
Documents and action item considerations for reporting requirements (nCircle, Qualys, Nessus, AppScan, SAMATE and other VA scanning tools).
1. Scope Document (Project Scope)
2. Architecture Document
3. Roles and Responsibilities (Support Plan)
4. Escalation Path (Support Plan)
5. Run books (operations guide)
6. Asset Lists
7. SLA Review and Documentation
8. Metrics and Reporting Documentation
9. Training Materials (if applicable) – Draft – Complete
10. Knowledge Transfer (From Network “resource” to “security”)
- Scheduled Scans – Scan completions are disseminated to all parties
  - Help desk tickets created as appropriate
  - Threat response team reviews reports
  - Takes action on items that are critical
- Metrics
- To be continued
www.bestitdocuments.com