Which control focuses on identifying vulnerabilities in information systems through scans and assessments?

Prepare for the FISMA Interview Test. Get familiar with key topics and enhance your knowledge with flashcards and multiple-choice questions. Study effectively and be ready for your exam!

Multiple Choice

Which control focuses on identifying vulnerabilities in information systems through scans and assessments?

Explanation:
Vulnerability scanning focuses on discovering weaknesses in information systems by using automated scans and assessments that look for missing patches, misconfigurations, exposed services, and other exploitable flaws. This control requires regular scanning, documenting findings, prioritizing remediation, and tracking progress to reduce risk. The goal is to provide an evidence-based view of where the organization is vulnerable and what steps are needed to mitigate those risks through timely remediation. Other options don’t fit because system interconnections concentrate on how systems connect and exchange data rather than ongoing vulnerability detection; security awareness training centers on educating users about security, not scanning for weaknesses; and FOSS refers to free and open source software, not a compliance control.

