Information Resources and Technology Policy
| Section |
Policy Name |
Policy Number |
| Network |
Vulnerability Scanning |
2.03 |
Policy Purpose
The purpose of the Vulnerability Scanning security policy is to minimize the risk that Bradley University's resources are compromised from an attack.
Policy Description
All hosts (servers, computers, and network devices) that are listening on or have open IP ports accessible from the Internet must be scanned for vulnerabilities monthly.
If any vulnerabilities known by the scanner at the time of scan are found, the server administrator will be responsible for remediating the vulnerabilities on their server(s) within 30 days. If the vulnerabilities are not fixed within the prescribed timeframe, either a variance at the Vice Presidential level must be approved, or the host will be blocked from the Internet.
Before any request is configured for a firewall security exception, the internal host must be scanned, secured, and added to the list of hosts that are scanned automatically.
Policy Scope
This policy pertains to all hosts (servers, computers, and network devices) that are listening on or have open IP ports accessible from the Internet.
Policy Definitions
| Date Approved |
Revision 1 Date |
Revision 2 Date |
Revision 3 Date |
Revision 4 Date |
Revision 5 Date |
| 1/29/2010 |
|
|
|
|
|
maintained by S. Renken
|