Vulnerability scanner used fortnightly to identify missing driver patches
Use a vulnerability scanner every two weeks to find missing driver updates.
Plain language
Using a vulnerability scanner every two weeks helps identify missing updates for drivers on your computers. This is crucial because outdated drivers could leave your systems exposed to hackers who exploit these gaps to gain access to your data or disrupt your business operations.
Framework
ASD Essential Eight
Control effect
Detective
E8 mitigation strategy
PO
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Official control statement
A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in drivers.
Why it matters
Unpatched drivers can be exploited for elevated access, causing data breaches or operational disruption.
Operational notes
Run driver-focused vulnerability scans at least fortnightly; triage findings and deploy required driver patches within the cycle.
Implementation tips
- The IT team should schedule regular scans every two weeks using a vulnerability scanner to identify missing driver updates. This can be set up as an automated task in the scanner's settings.
- System administrators should ensure the vulnerability scanner's database is always up-to-date before running scans. This involves checking the scanner's settings to automatically download the latest vulnerability information.
- The security officer should review the results of each vulnerability scan to identify and prioritise any missing critical driver updates that need immediate attention. They can do this by generating a report and sorting identified issues by severity.
- IT support staff should apply identified missing patches to drivers as discovered by the scanner. This can be done by following the scanner's recommendations or vendor instructions provided in the scan report.
Audit / evidence tips
- AskHow frequently is the vulnerability scanner used to check for missing driver updates?
- GoodThe scanner is scheduled to run every two weeks, and we have logs showing consistent scan execution within this timeframe
- AskWhen was the vulnerability database last updated before a scan?
- GoodThe database is updated automatically every 24 hours, and logs show it was updated just before the last scan
Cross-framework mappings
How E8-PO-ML3.1 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.8 | E8-PO-ML3.1 focuses on using a vulnerability scanner at least fortnightly to identify missing driver patches or updates | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| ISM-1163 | E8-PO-ML3.1 requires a vulnerability scanner be used at least fortnightly to identify missing patches or updates for vulnerabilities in d... | |
| handshake Supports (3) expand_less | ||
| ISM-0298 | E8-PO-ML3.1 requires fortnightly vulnerability scanning to identify missing driver patches or updates | |
| ISM-1143 | E8-PO-ML3.1 requires fortnightly vulnerability scanning to identify missing driver patches or updates | |
| ISM-1697 | ISM-1697 requires organisations to apply non-critical driver patches within one month where no working exploits exist | |
| extension Depends on (1) expand_less | ||
| ISM-1808 | E8-PO-ML3.1 requires fortnightly vulnerability scanning to identify missing driver patches or updates | |
| link Related (1) expand_less | ||
| ISM-1703 | E8-PO-ML3.1 requires a vulnerability scanner to be used at least fortnightly to identify missing driver patches or updates | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.