Content library
NSM ICT Security Principles (Norway)
3.1.2: Subscribe to vulnerability intelligence services

Requirement description

Subscribe to vulnerability intelligence services to keep up to date with new and expected vulnerabilities. Use this information as input for vulnerability assessment tools.

How to fill the requirement

NSM ICT Security Principles (Norway)

3.1.2: Subscribe to vulnerability intelligence services

Task name
Priority
Status
Theme
Policy
Other requirements
Selecting and tracking data sources for vulnerability information
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Development and cloud
Technical vulnerability management
11
requirements

Examples of other requirements this task affects

I23: Ohjelmistohaavoittuvuuksien hallinta
Katakri
12.6.1: Management of technical vulnerabilities
ISO 27001
DE.CM-8: Vulnerability scans
NIST
TEK-19: Ohjelmistohaavoittuvuuksien hallinta
Julkri
8.8: Management of technical vulnerabilities
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Selecting and tracking data sources for vulnerability information
1. Task description

Information sources for software and other technologies have been consciously identified to identify and maintain information about technical vulnerabilities that are relevant to us (e.g. authorities or hardware and software manufacturers). Data sources are evaluated and updated as new useful sources are found.

Vulnerabilities can be found directly in the vendor systems we exploit or in the open source components exploited by many of our systems. It’s important to keep track of multiple sources to get the essential information obtained.

Regular analysis and utilization of information related to information security threats
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Development and cloud
Technical vulnerability management
13
requirements

Examples of other requirements this task affects

5.7: Threat intelligence
ISO 27001
23: Häiriöiden- ja poikkeamienhallintaprosessi
Digiturvan kokonaiskuvapalvelu
THREAT-2: Respond to Threats and Share Threat Information
C2M2
Article 13: Learning and evolving
DORA
3.3.4: Obtain and process threat information from relevant sources
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Regular analysis and utilization of information related to information security threats
1. Task description

Organization carries out threat intelligence by analyzing and utilizing collected information about relevant cyber security threats related and corresponding protections.

When analyzing and utilizing the collected threat intelligence information, the following points must be taken into account:

  • analyzing how the threat intelligence information relates to to our own operations
  • analyzing how relevant threat intelligence information is to our operations
  • communicating and sharing information in an understandable form to relevant persons
  • utilizing the findings of threat intelligence to determine the adequacy of technical protections, technologies used and information security testing methods for analysis

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.