CC7.1
Detects and monitors changes that could introduce vulnerabilities
Security · Implemented · Security (Common Criteria)
Control description
AICPA Trust Services Criteria
To meet its objectives, the entity uses detection and monitoring procedures to identify changes to configurations that result in the introduction of new vulnerabilities, and susceptibilities to newly discovered vulnerabilities.
Auditor test plan
How this is tested during the audit
Auditor inspects vulnerability scan cadence, drift detection on infra-as-code, and the SLA for patching by severity.
Evidence
1 item attached to this control
- PDF · tenable-scan-summary-2026-04.pdf · sha256:0000000000000000… · 400.7 KB · 21d ago
Last reviewed: 21d (within 180-day window)
Evidence on file: 3
Owner: VP Engineering (accountable for design + operating effectiveness)
Status timeline
Recent control history
- Last reviewed by VP Engineering · 21d ago
- Status set to implemented · 51d ago
- Initial control design approved · 111d ago