Automated scanning of systems to identify known software vulnerabilities, misconfigurations, and missing patches.
A vulnerability assessment is an automated scan of your systems against known vulnerability databases (CVE) and configuration baselines to identify unpatched software, weak settings, exposed services, and known exploitable conditions. The FTC Safeguards Rule requires vulnerability assessments at least every six months for firms not running continuous monitoring (16 CFR 314.4(d)(2)). Unlike penetration testing, vulnerability assessments do not attempt to exploit findings; they catalog them for remediation.
Vulnerability assessments are far cheaper than pen tests and catch the most common attack vectors: unpatched operating systems, outdated browsers, legacy services left running. They produce evidence that you are looking. For firms above 5,000 records, semi-annual scans are not optional. For smaller firms, they are still a fast way to demonstrate diligence to insurers and auditors.
The 58-Control Register module handles this for your firm, personalized to your software, team size, and state requirements.
An authorized, simulated attack against your systems to identify exploitable vulnerabilities before real attackers do.
Ongoing automated monitoring of systems for security threats, misconfigurations, and policy violations, as an alternative to periodic testing.
A structured list of all security controls your firm should have in place, mapped to regulatory requirements, with testing status and evidence.