Use a vulnerability scanner with an updated database
Ensure a vulnerability scanner with current data is used to check for security issues.
Plain language
Using a vulnerability scanner with an updated database means you're using a tool that knows about the latest security problems when checking your computers and network equipment. If you don't have this, a hacker could find and exploit issues in your system before you even know they exist, potentially causing data breaches or other damage to your business.
Framework
ASD Essential Eight
Control effect
Detective
E8 mitigation strategy
PO
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML1
Official control statement
A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
Why it matters
Without an updated vulnerability scanner, critical security flaws remain undetected, opening the door to breaches and data loss before mitigations can be applied.
Operational notes
Configure the vulnerability scanner to update its vulnerability database daily and alert on failures; confirm scan results use the latest feed before triage and remediation.
Implementation tips
- System administrators should ensure the vulnerability scanner software is installed on all critical systems. This involves downloading the software from a trusted source and following the installation instructions.
- IT teams must regularly update the vulnerability scanner database. This can be done by configuring the software to automatically download updates daily or checking for updates manually every morning.
- Security officers need to verify the vulnerability scanner is operational daily. This includes logging into the system to confirm scans are running and checking the status alerts.
- Network administrators should schedule daily scans for internet-facing systems and fortnightly for internal systems. This can be set up using the scheduling features within the scanner software.
Audit / evidence tips
-
AskCan you demonstrate how you ensure the vulnerability database is updated regularly?
-
GoodThe logs show updates occurring daily, and settings indicate that automatic updates are enabled
-
AskHow often is the vulnerability scanner used on different systems?
-
GoodReports confirm daily scans for external systems and fortnightly scans for internal systems
-
AskWhen was the last vulnerability scan conducted?
-
GoodThe report shows a scan was completed within the last 24 hours
Cross-framework mappings
How E8-PO-ML1.2 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| ISM-1699 | E8-PO-ML1.2 requires that vulnerability scanning activities use a vulnerability scanner with an up-to-date vulnerability database | |
| handshake Supports (4) expand_less | ||
| ISM-1697 | ISM-1697 requires organisations to apply non-critical driver patches within one month where no working exploits exist | |
| ISM-1698 | E8-PO-ML1.2 requires using a vulnerability scanner with an up-to-date vulnerability database for scanning activities | |
| ISM-1701 | E8-PO-ML1.2 requires use of a vulnerability scanner with an up-to-date vulnerability database for scanning activities | |
| ISM-1752 | E8-PO-ML1.2 requires that vulnerability scanning uses a scanner with an up-to-date vulnerability database | |
| extension Depends on (4) expand_less | ||
| ISM-1696 | ISM-1696 requires rapid application of critical OS patches within 48 hours for specified non-internet-facing systems and workstations bas... | |
| ISM-1702 | ISM-1702 requires organisations to use a vulnerability scanner at least fortnightly to identify missing operating system patches on speci... | |
| ISM-1879 | ISM-1879 requires organisations to apply critical driver patches or mitigations within 48 hours when vendor-critical or exploited, which ... | |
| ISM-1900 | ISM-1900 requires using a vulnerability scanner at least fortnightly to identify missing firmware patches or updates | |
| link Related (1) expand_less | ||
| ISM-1808 | E8-PO-ML1.2 requires that vulnerability scanning activities use a vulnerability scanner with an up-to-date vulnerability database | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.