RA-5 (8)

RA-5 (8) H M

The organization reviews historic audit logs to determine if a vulnerability identified in the information system has been previously exploited.

Supplemental Guidance

Further Guidance

RA-5 (8) Requirements: This enhancement is required for all high vulnerability scan findings.
Guidance: While scanning tools may label findings as high or critical, the intent of the control is based around NIST's definition of high vulnerability.

Related Controls