Vulnerability Management System (VMS) – Standardising the Reporting of End-of-Support Products and Patch Vulnerabilities | Singapore Government Developer Portal
Have feedback? Please

Vulnerability Management System (VMS) is a centralised tool developed by Central Technical Services (CTS). VMS scans servers and devices holistically against vulnerabilities in the Common Vulnerabilities Scoring System (CVSS) database, which is the industry standard for assessing the severity of cyber-security vulnerabilities.

VMS will be expanded to include advanced web application scanning. This will allow Open Worldwide Application Security Project (OWASP) vulnerabilities and security misconfigurations in web application to be detected.

Key Features

  1. Support for both agent-based scanning and scanning via agency managed Nessus Scanner/Local Scanner (Credentialed/Non-Credentialed Scan).
  2. Support for basic web application scanning, e.g. Test HTTP method, Attempt HTTP Parameter Pollution.
  3. Support for CIS Compliance scanning, which provides a reference check to an agency-owned security hardening baseline, for improving security posture against misconfigurations or as part of the System Security Acceptance Test prior to system commissioning.
  4. Various dashboards available for:
    • Monitoring of vulnerabilities in Production and UAT systems separately.
    • Identifying patch and configuration vulnerabilities.
    • Overview of systems compliance to IM8 policies on vulnerability tracking and aging.
    • Overview of both OS and Application vulnerabilities by Application Systems.

Contact Us

Reach out to the product team through Ask GovTech @ ITSM Portal.

Last updated 25 June 2024


Was this article useful?
Send this page via email
Share on Facebook
Share on Linkedin
Tweet this page