Substantive Change: Vulnerability Scanning Exception (EXCEPT0000202)

Author
tft8g
Last modified
May 9, 2024 - 1:46pm

Effective: December 8, 2020 

The vulnerability scanning requirement for all network connected managed devices to be scanned has been rescinded for six months while Information Security works to provide a process or solution to provide this service as required in the standard. 

Please review the details of the exception and its compensating controls as well as the standards to which this exception applies.