Last updated by: Anonixiate, Last updated on: 01/05/2025

Document Creation: 17 April, 2025. Last Edited: 17 April, 2025. Authors: Shreyas Vivek, Kim Brvenik.
Effective Date: 17 April 2025. Expiry Date: 17 April 2026.

Fortnightly Audit Checklist

Patch Applications

ML1-PA-01 — Automated asset discovery runs at least fortnightly to detect new systems and applications.

  • Audit Procedure:
    Review scan configuration and logs; validate schedule enforcement.

  • Evidence Required:
    Scan logs, scheduler output, discovery delta reports.

  • Tools/Methods:
    Qualys, Nessus, GVM

  • Responsible Team:
    DevSecOps

  • Status:
    [ ] Pass
    [ ] Fail
    [ ] N/A

  • Notes:

    Add notes here during audit.


ML1-PA-04 — Fortnightly scans run for office software, email clients, and browsers.

  • Audit Procedure:
    Verify credentials, schedules, and scope of scan.

  • Evidence Required:
    Fortnightly reports, credentialed scan logs.

  • Tools/Methods:
    GVM, Nessus Pro

  • Responsible Team:
    DevSecOps

  • Status:
    [ ] Pass
    [ ] Fail
    [ ] N/A

  • Notes:

    Add notes here during audit.


Patch Operating Systems

ML1-PO-01 — An automated method of asset discovery is run and reviewed at least fortnightly.

  • Audit Procedure:
    Validate discovery tool schedule, logs, and exception handling.

  • Evidence Required:
    Discovery logs, schedule screenshots, output files.

  • Tools/Methods:
    Qualys, Nessus, CMDB

  • Responsible Team:
    DevSecOps

  • Status:
    [ ] Pass
    [ ] Fail
    [ ] N/A

  • Notes:

    Add notes here during audit.


ML1-PO-04 — Fortnightly scans are conducted for workstations, servers, and network devices.

  • Audit Procedure:
    Check scan history and review report completeness across all environments.

  • Evidence Required:
    Full vulnerability scan report logs.

  • Tools/Methods:
    Qualys, GVM

  • Responsible Team:
    DevSecOps

  • Status:
    [ ] Pass
    [ ] Fail
    [ ] N/A

  • Notes:

    Add notes here during audit.