1. Reason for Amendment
a. Background: We're updating the current Vulnerability Analysis and Assessment Standards, last amended in 2021, to reflect the latest changes in the IT environment.
b. Need for Government Intervention: Cyber-attacks on critical information and communication infrastructure can have a significant impact on national security and public safety. Because of this, it's essential to prevent cyber-attacks and ensure quick recovery.
c. Purpose: To prevent cyber-attacks and guarantee stable digital services, we need to create new inspection standards that secure the information protection capabilities of critical infrastructure. These standards will cover confidentiality, integrity, and availability.
2. Main Points
a. Vulnerability Analysis and Assessment: A new inspection items for areas like cloud and web services have been added to reflect changes in the IT environment. To improve the accuracy of the analysis, redundant or overlapping items have been removed and the importance level of certain items has been upgraded. These changes are detailed in Attachments 2 and 3.
b. Review Period: The review periods, previously categorized based on different legal grounds, have been consolidated for simplicity and consistency. This adjustment, outlined in Article 5 (Other Matters), will streamline the process for future revisions of the standards.
