3.11.2 Scan for Vulnerabilities

Contents

3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.

To go back to the NIST 800-171 Controls page, click here.

Guides

SANS Institute – Implementing a Vulnerability Management Process
SANS Institute – Vulnerabilities & Vulnerability Scanning
SANS Institute – Implementing Vulnerability Scanning in a Large Organization
NIST SP 800-115 – Technical Guide to Information Security Testing
Qualys Security and Compliance Suite Rollout Guide
Nessus User Guide
TrustWave Vulnerability Management User Guide

Example Tools

Qualys
Rapid 7
Nessus
Acunetix
TrustWave

Sample Policy & Procedures

State of Alabama – Information Technology Policy – Vulnerability Scanning

Additional Lessons Learned

Credentialed Scans

Videos

BrightTALK – Rethinking Vulnerability Management
BrightTALK – Is Your Vulnerability Management Program Vulnerable? Part 1
BrightTALK – Is Your Vulnerability Management Program Vulnerable? Part 2
BrightTALK – Effective Patch Management with Qualys Guard

Vendor Documentation

Tenable – NIST SP 800-171: Risk Assessment (3.11, 3.12)
Tenable – The Challenges of Vulnerability Management
TrustWave – Vulnerability Management Services

Updated on July 16, 2025

Tagged: NIST Forms NIST-800

Was this article helpful?

Yes No

Need Support?

Can’t find the answer you’re looking for? Don’t worry we’re here to help!

Contact Support