The goal of the Vulnerability Program is to facilitate the attainment of IS-3 compliance for all UCLA units. To achieve compliance, units are responsible for meeting the IS-3 requirements below, regardless of who manages scans and reports (the unit or the IT Security Office). Ultimately, the units are accountable for the remediation and protection of their environments.
- IT Security centrally-managed scanners – credentialed or non-credentialed.
- Unit scanner – credentialed or non-credentialed, reporting to the central cloud-based console.
- Note: Non-credentialed scans are prone to false positives and, as a result, more unit resource effort is required to validate that reports are IS-3 compliant.
- Agent-based – Reports back to the central cloud-based console (on par with credentialed scans).
Upon the completion of the scans, reports will be generated either by the unit or centrally by the IT Security team.
The IT Security Office will assist units in interpreting vulnerability results and providing best practices for managing vulnerabilities.
Due to the complex nature of the Vulnerability Management Program (VMP), the following training is available:
- Leadership training – reading and understanding reports
- Service Providers and UISL – understanding scans and reports
- Discussion Forum – in-depth response to VMP questions
Service Level Commitments
The IT Security Office will provide units with the following service level commitments:
- Unit Tenancy set up – 5 days
- User Accounts – 3 days
- Scan set up – 3 days
- Report setup – 3 days
- Remediation guidance – 1-3 days
- Training coordination – 5 days
- Provide IPs/Ranges
- Schedule and start scans, if unit managed
- Remediate vulnerabilities
IT Security Team
- IT Security Lead: Adrian Mohuczy-Dominiak
- Security Analyst: Ike Oparaocha
- Project Manager: Doug Sumner
Only available for campus departments via service request.