• Category: Vulnerability management
• Points: 20

Rationale

Logging medium and lower-risk vulnerabilities keeps track of minor issues before they evolve into significant threats, supporting proactive maintenance of the organization's security.

How to do it

Identify minor vulnerabilities through scans or reviews and log them in the vulnerability management system with supporting details.

Expected Evidence

Provide a redacted screenshot or export from the vulnerability management system showing logged issues.