Data feed from external scanning vendors should be up-loadable and tracked in MSI platform using ISM
SABB employs the services of 2 external vendors to scan the internet facing IP addresses to check for any vulnerabilities.
These results (2 different excel formats) should be up-loadable into the system. The external IP can in fact refer to the same asset created in the GRC library with an internal IP address. SABB is OK to still create it as a new asset with external IP address, if the external IP has not already created an asset.
and
SABB employs the services of 2 external vendors to perform penetration test on a sample of SABB network
These results (2 different excel formats) should be up-loadable into the system.