You monitor security alerts/advisories and respond.
What it actually means
Stay aware of vendor and government security advisories (CISA, vendor bulletins) and act on the ones that affect you. This requirement connects to patching: advisories tell you what's urgent.
Pass or fail — an assessor needs a "yes" to each
- Security alerts/advisories are monitored (CISA, vendors).
- Relevant advisories trigger action.
- There's a defined responsible owner.
What to have ready
- Subscription to advisory feeds (CISA/vendor)
- Records of advisory-driven action
- Policy/owner for monitoring
Where teams trip up
- Nobody watches advisories
- Advisories noted but never acted on