This control is fairly straightforward. We have flexibility in how we perform these scans, but the burden of proof will be on IllumiDesk to show that we are scanning all systems and that we are checking for the more relevant vulnerabilities. This control is meant to ensure we regularly assessing the state of all production systems. The update part of this control ensures we are always checking for the most recent vulnerabilities we know about. When properly applied, this control will help us generate a list of the risk associated with each IllumiDesk system and help us prioritize security resources dedicated to remediation. This control can also be valuable in validating the device inventory (see control # AM.1.01).