Vulnerability Management Monitors

Track and resolve vulnerability management checks in Sprinto, including VAPT tracking and resolution workflows.

The Vulnerability Management Monitors section in Sprinto helps ensure that your organisation is actively identifying, tracking, and resolving vulnerabilities in a timely and auditable manner. These checks ensure compliance with vulnerability management requirements across major frameworks such as:

  • SOC 2 (CC7.1, CC7.2)

  • ISO 27001 (A.12.6.1, A.18.2.3)

  • PCI DSS (6.1, 11.2)

  • HIPAA Security Rule

Sprinto tracks both automated scan results and evidence of periodic manual reviews (e.g. quarterly VAPT audits) to confirm whether your vulnerability management program is operating effectively.


What does Sprinto monitor?

Monitor/Check | Description
Vulnerabilities must be resolved in a timely manner | Tracks whether critical and high-risk issues have been closed within SLA
Periodic VAPT reports must be uploaded | Checks whether a vulnerability scan report has been uploaded for the last cycle
Outdated evidence or no audit trail for resolution | Flags missing documentation or lack of audit log evidence
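The first two monitors reduce to two questions: is any open critical/high finding past its remediation SLA, and is the most recent VAPT report dated within the current review cycle? The script below is an added example (not Sprinto's code) of how a team keeping its own vulnerability tracker could run the same two checks before the monitor flags them. The SLA values, the 90-day cycle, the `Finding` fields and all sample findings and report dates are constructed assumptions; substitute the values from your own policy.

```python
"""Added example: SLA and report-cycle checks modelled on the two monitors above.
All SLA values, findings and report dates are constructed assumptions."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed remediation SLAs in days by severity (placeholders; use your policy's values).
SLA_DAYS = {"critical": 15, "high": 30, "medium": 90, "low": 180}


@dataclass
class Finding:
    finding_id: str
    severity: str            # "critical" | "high" | "medium" | "low"
    opened: date
    status: str              # "open" | "resolved" | "accepted_risk"
    closed: Optional[date] = None
    justification: str = ""  # required when status == "accepted_risk"


def overdue_findings(findings, today, sla_days=SLA_DAYS, severities=("critical", "high")):
    """Return (overdue, unjustified): ids of in-scope findings still open past
    their SLA, and accepted-risk findings with no recorded justification."""
    overdue, unjustified = [], []
    for f in findings:
        if f.severity not in severities:
            continue
        deadline = f.opened + timedelta(days=sla_days[f.severity])
        if f.status == "open" and today > deadline:
            overdue.append(f.finding_id)
        elif f.status == "accepted_risk" and not f.justification.strip():
            unjustified.append(f.finding_id)
    return overdue, unjustified


def report_is_current(report_dates, today, cycle_days):
    """True if at least one uploaded VAPT report is dated within the last cycle."""
    if not report_dates:
        return False
    return (today - max(report_dates)).days <= cycle_days


def run_checks(findings, report_dates, today, cycle_days=90):
    """Combine both checks into one result, mirroring the monitor outcomes."""
    overdue, unjustified = overdue_findings(findings, today)
    return {
        "sla_breaches": overdue,
        "unjustified_risk_acceptances": unjustified,
        "vapt_report_current": report_is_current(report_dates, today, cycle_days),
    }


# Constructed sample data for a stand-alone run.
TODAY = date(2024, 6, 30)
SAMPLE_FINDINGS = [
    Finding("VULN-001", "critical", date(2024, 5, 1), "open"),           # 60 days open: breach
    Finding("VULN-002", "high", date(2024, 6, 20), "open"),              # 10 days open: within SLA
    Finding("VULN-003", "high", date(2024, 4, 1), "resolved", date(2024, 4, 20)),
    Finding("VULN-004", "critical", date(2024, 3, 1), "accepted_risk"),  # no justification recorded
    Finding("VULN-005", "medium", date(2024, 1, 1), "open"),             # medium: out of scope here
]
SAMPLE_REPORTS = [date(2024, 1, 15), date(2024, 4, 10)]  # latest is 81 days old

if __name__ == "__main__":
    print(run_checks(SAMPLE_FINDINGS, SAMPLE_REPORTS, TODAY))
```

Accepted-risk entries without a justification are reported separately because the monitor's third row (no audit trail) treats an undocumented exception as a gap even though the finding is technically no longer "open".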


Monitors and How to Resolve Them

1. VAPT Vulnerability Should Be Resolved

  • Go to Vulnerabilities > Active Findings in Sprinto

  • Filter by Status: Open and Severity: High/Critical

  • Resolve findings or mark as accepted risk (with justification)

  • Upload closure evidence (e.g. screenshots, logs, patch confirmation)

2. Periodic VAPT Report Must Be Uploaded

  • Navigate to Evidence > Vulnerabilities or Audit Evidence

  • Upload the latest penetration test report (e.g. PDF or CSV)

  • Report must include:

    • Date of scan

    • Scope of scan (IPs, assets, systems)

    • Risk classification and remediation summary

  • Ensure the report is from the last quarter or half-year, as per your policy


Evidence Guidelines

Evidence Type | Required | Notes
VAPT report | Yes | Must include scan date, scope, severity distribution, remediation log
Remediation screenshots/logs | Yes | Patches applied, firewall rules added, configurations fixed
Risk acceptance record | Optional | Justification and review by InfoSec if vulnerability cannot be fixed


Tips

  • Assign owners to each vulnerability to track accountability

  • Maintain a central vulnerability tracker if you use third-party scanning tools

  • Sprinto supports auto-remediation checks if integrated with supported scanners
