Vulnerability Scans and Responses - 171-0535-26
Agency Description
A vulnerability management program is a continuous, proactive, and structured process designed to identify, evaluate, prioritize, and mitigate security weaknesses in an organization’s IT infrastructure, applications, and assets. The goal is to close security gaps such as missing patches, misconfigurations, or outdated software before malicious actors can exploit them.
The Department of Technology, Management, and Budget (DTMB) Michigan Security Operations Center (MiSOC) team uses a scanning tool to identify vulnerabilities on over 55,000 workstations, servers, telecom, and various other devices. The team transfers these vulnerabilities to the associated agency or business unit so that they can be remedied in a timely manner. The teams that manage the application or the infrastructure sit in different areas within DTMB. Vulnerabilities are typically remediated through the patching process. The results of these scans and the remediation dates are presented on a regularly updated dashboard available to business units and management from agencies and DTMB.
Audit Objectives
- To assess the sufficiency of DTMB’s efforts to administer vulnerability scans and monitor the State’s assets.
- To assess the effectiveness of DTMB’s efforts to ensure the remediation of vulnerabilities in a timely manner.
- To assess the effectiveness of selected user access controls over the scanning tool.
Timing
Estimated Release Date: Late 2026
