Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Risk Assessment
  4. >SP800-53-RA-5(3)
SP800-53-RA-5(3)Active

Breadth and Depth of Coverage

Statement

Define the breadth and depth of vulnerability scanning coverage.

Location

Control Family
Risk Assessment

Control Details

Identifier
SP800-53-RA-5(3)
Family
RA
Parent Control
SP800-53-RA-5

Supplemental Guidance

The breadth of vulnerability scanning coverage can be expressed as a percentage of components within the system, by the particular types of systems, by the criticality of systems, or by the number of vulnerabilities to be checked. Conversely, the depth of vulnerability scanning coverage can be expressed as the level of the system design that the organization intends to monitor (e.g., component, module, subsystem, element). Organizations can determine the sufficiency of vulnerability scanning coverage with regard to its risk tolerance and other factors. Scanning tools and how the tools are configured may affect the depth and coverage. Multiple scanning tools may be needed to achieve the desired depth and coverage. SP 800-53A provides additional information on the breadth and depth of coverage.

Assessment Objective

the breadth and depth of vulnerability scanning coverage are defined.

No cross-framework mappings available

← Back to Risk Assessment
Risk Assessment26 controls
SP800-53-RA-1Policy and ProceduresSP800-53-RA-2Security CategorizationSP800-53-RA-2(1)Impact-level PrioritizationSP800-53-RA-3Risk AssessmentSP800-53-RA-3(1)Supply Chain Risk AssessmentSP800-53-RA-3(2)Use of All-source IntelligenceSP800-53-RA-3(3)Dynamic Threat AwarenessSP800-53-RA-3(4)Predictive Cyber AnalyticsSP800-53-RA-4Risk Assessment UpdateSP800-53-RA-5Vulnerability Monitoring and ScanningSP800-53-RA-5(1)Update Tool CapabilitySP800-53-RA-5(2)Update Vulnerabilities to Be ScannedSP800-53-RA-5(3)Breadth and Depth of CoverageSP800-53-RA-5(4)Discoverable InformationSP800-53-RA-5(5)Privileged AccessSP800-53-RA-5(6)Automated Trend AnalysesSP800-53-RA-5(7)Automated Detection and Notification of Unauthorized ComponentsSP800-53-RA-5(8)Review Historic Audit LogsSP800-53-RA-5(9)Penetration Testing and AnalysesSP800-53-RA-5(10)Correlate Scanning InformationSP800-53-RA-5(11)Public Disclosure ProgramSP800-53-RA-6Technical Surveillance Countermeasures SurveySP800-53-RA-7Risk ResponseSP800-53-RA-8Privacy Impact AssessmentsSP800-53-RA-9Criticality AnalysisSP800-53-RA-10Threat Hunting