SID-OPS-04 — Vulnerability Management

Property	Value
Status	to_do
Owner	platform
Category	process
CSF Function	detect
Group	Operational Controls

Description

Formal vulnerability management process: intake, triage, SLAs, patching, and disclosure policy. SBOM monitoring for third-party dependencies. Automated dependency scanning (Dependabot/Snyk) in CI/CD. Management of technical vulnerabilities per defined remediation timelines.

Operator Responsibility

Establish vulnerability management process with SLAs, deploy endpoint protection, and manage production configuration scanning.

Source References

security/sbom-monitoring.md

Audit Findings

Finding	Severity	Status
EN-S-3 — Partial SDLC, change management and vulnerability scanning	medium	in progress
ISO-O-12 — Partial supply chain security	medium	open
ISO-T-6 — Partial vulnerability and malware protection	medium	open

Description​

Source References​

Audit Findings​

Description

Source References

Audit Findings