OITS provides vulnerability scanning for state agencies through the Enterprise Security Office. Vulnerability scanning can help to minimize an agency’s risk by identifying security holes, or vulnerabilities, in their network. For many agencies vulnerability scanning is a regulatory requirement that must be completed by an external entity, however all agencies are required by state policy to perform vulnerability scans either internally or externally annually.

• Meets state policy and most regulatory compliance requirements
• Security vulnerability scanning is an industry accepted best practice
• Executive summary and a technical report consisting of an inventory of potential security risks (vulnerabilities) by device and its suggested fix
• ITEC Policy 7230-A paragraph 6.1, Assessment Operations