ID.RA-1

Asset vulnerabilities are identified and documented

Identify · Risk Assessment

Semi-Automated

Compliance Score

60%

Partially Compliant

Documentation Maturity

3/ 5

Target: 2.5

Implementation Maturity

3/ 5

Target: 2.5

Control Description

The organization identifies and documents vulnerabilities in its systems, networks, and applications through scanning, assessments, and threat intelligence.

Microsoft Graph API Endpoints Used

GET /security/secureScores

Required Permissions

SecurityEvents.Read.All

Findings (1)

12/20 items compliant

Severity	Finding	Recommendation
medium	Improvement needed: Asset vulnerabilities are identified and documented Current implementation does not fully meet the requirements of ID.RA-1.	Enable Microsoft Defender vulnerability management. Run regular vulnerability scans. Subscribe to CERT.be advisories. Document and track remediation of identified vulnerabilities.

Severity

Finding

medium

Improvement needed: Asset vulnerabilities are identified and documented

Current implementation does not fully meet the requirements of ID.RA-1.

Remediation Guidance

Enable Microsoft Defender vulnerability management. Run regular vulnerability scans. Subscribe to CERT.be advisories. Document and track remediation of identified vulnerabilities.