Update vulnerability-management.md
adonm authored Nov 17, 2023
1 parent 084f3a6 commit 269cf4b
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions docs/baselines/vulnerability-management.md
Expand Up @@ -14,9 +14,7 @@ The links embedded in the checklist below are to recommended approaches that can
- [IVRE (GPL-3.0 license, self-hosted)](https://ivre.rocks) and [runZero (commercial)](https://www.runzero.com) are high performance asset discovery and fingerprinting platforms that can scan the full IPv4 address space on a weekly basis.
- The [WA Government Vulnerability Scanning Platform](https://www.wa.gov.au/organisation/department-of-the-premier-and-cabinet/vulnerability-scanning-service) has [Discovery Scans](https://www.wa.gov.au/organisation/department-of-the-premier-and-cabinet/vulnerability-scanning-service) available however these need scoping to subnets for performance.
- [ ] Implement daily active [Web](https://www.tenable.com/products/tenable-io/web-application-scanning) & [Basic Network Scans](https://docs.tenable.com/nessus/Content/ScanAndPolicyTemplates.htm#Scanner_Templates) across internet-facing assets
- [ ] Implement Cloud Security Posture Management (CSPM) to inventory and assess all public cloud resources (example controls to assess: [Microsoft cloud security benchmark (v1)](https://learn.microsoft.com/en-us/security/benchmark/azure/overview) ).
- [ ] [Tenable CSPM](https://docs.tenable.com/cloud-security/Content/About/AboutTenablecs.htm) supports AWS, Microsoft Azure, and GCP
- [ ] [Microsoft Defender CSPM](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management) supports Azure, AWS, GCP, on-premises
- [ ] Implement [Cloud Security Posture Management (CSPM)](https://soc.cyber.wa.gov.au/guidelines/secure-configuration/#infrastructure-public-cloud-and-on-premise-compute-and-storage-configuration-monitoring) to inventory and assess all public cloud resources.
- [ ] Implement weekly active [Basic Network Scans](https://docs.tenable.com/nessus/Content/ScanAndPolicyTemplates.htm#Scanner_Templates) and [Basic Agent Scans](https://docs.tenable.com/nessus/Content/ScanAndPolicyTemplates.htm#Scanner_Templates) towards all assets on enterprise IT networks.
- [ ] Ensure all excluded devices and networks are [segmented](../guidelines/further-five.md#network-segmentation) and have [network-related logs](../guidelines/further-five.md#implementation-guidance-leveraging-network-related-logs) being monitored by [security operations](security-operations.md).
- [ ] Assign all discovered assets to Maintenance Groups as outlined in [NIST Special Publication 800-40r4](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r4.pdf) (Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology)
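
Review bot: The replacement CSPM item links to an absolute URL (https://soc.cyber.wa.gov.au/guidelines/secure-configuration/#infrastructure-public-cloud-and-on-premise-compute-and-storage-configuration-monitoring), while the neighbouring checklist items reference guidelines with relative paths such as ../guidelines/further-five.md#network-segmentation. If the secure-configuration guideline lives in this repository, a relative link would be consistent with those items and would let link checking catch a renamed heading; the long generated anchor is the fragile part of this link. The change also drops the Microsoft cloud security benchmark reference and the Tenable CSPM and Microsoft Defender CSPM examples, and the commit message ("Update vulnerability-management.md") does not say where they went, so please confirm the linked guideline section carries them and note the move in the message.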