Section 7: Vulnerability Assessments

Introduction

All TxDOT information systems undergo vulnerability assessments to help identify and correct flaws that leave them open to attack. This section specifies how often these assessments are conducted and how their findings are addressed. Conducting vulnerability assessments aligns with the Agency’s Intrusion Prevention Policy and helps implement the “Detect” objective of the Texas CyberSecurity Framework.

Protocol

TxDOT conducts vulnerability assessments on a quarterly rotation for all information resources deployed on its network. The purpose of the quarterly rotation is to ensure all assets are assessed for vulnerabilities on a yearly basis. The assessments are conducted specifically to identify, analyze, and report flaws

  • on the network
  • in application configurations that are either on or off the network
  • in the source code for web applications and services, databases, software, and mobile applications.

TxDOT conducts these evaluations within a centrally-managed vulnerability assessment system.

General Responsibilities

Assessment of vulnerabilities is the joint responsibility of the Information Security Office and the Office of Primary Responsibility for the asset, product or service being evaluated. Employees must cooperate with the vulnerability assessments and with the Information Security Office to correct any flaws.

The Information Security Officer ensures that employees comply with the vulnerability assessment mandates issued in the Intrusion Prevention Policy.

Compliance and Standards

See the “Vulnerabilities Scan Standards” in the Information Security Standards manual for the minimum standards necessary to comply with this objective of the Intrusion Prevention Policy.