OITS provides vulnerability scanning for state agencies through the Enterprise Security
Office. Vulnerability scanning can help to minimize an agency’s risk by identifying
security holes, or vulnerabilities, in their network. For many agencies vulnerability
scanning is a regulatory requirement that must be completed by an external entity,
however all agencies are required by state policy to perform vulnerability scans
either internally or externally annually.