Information Resources and Technology Policy

Section Policy Name Policy Number
Network Vulnerability Scanning 2.03

Policy Purpose

The purpose of the Vulnerability Scanning security policy is to minimize the risk that Bradley University's resources are compromised from an attack.

Policy Description

All hosts (servers, computers, and network devices) that are listening on or have open IP ports accessible from the Internet must be scanned for vulnerabilities monthly.

If any vulnerabilities known by the scanner at the time of scan are found, the server administrator will be responsible for remediating the vulnerabilities on their server(s) within 30 days. If the vulnerabilities are not fixed within the prescribed timeframe, either a variance at the Vice Presidential level must be approved, or the host will be blocked from the Internet.

Before any request is configured for a firewall security exception, the internal host must be scanned, secured, and added to the list of hosts that are scanned automatically.

Policy Scope

This policy pertains to all hosts (servers, computers, and network devices) that are listening on or have open IP ports accessible from the Internet.

Policy Definitions

Date Approved Revision 1 Date Revision 2 Date Revision 3 Date Revision 4 Date Revision 5 Date
1/29/2010