| Name of the measure | Threat and vulnerability management |
| Related attribute | Proactive threat and vulnerability management |
| Context | The level of vulnerability of shared resources has an impact on the security of the infrastructure. To protect against threats and attacks, it is important to reduce the level of vulnerability of shared resources |
| Measure audience | Organizations (supplier and applicant) |
| objective | The goal is to ensure that shared resources meet the vulnerability levels of the CVSS [9] . |
| Definition of the measure | Assign sensitivity levels to each shared resource. These levels are defined according to the CVSS v2.0 vulnerability level standard |
| Data collection | The level of sensitivity is defined by each supplier of resources and validated by the applicant. |