Primary navigation

    Internal Vulnerability Management Service

    MNIT's Threat and Vulnerability Management Unit (TVMU) provides Internal Vulnerability Management Service (IVMS) to help eligible entities discover new and existing vulnerabilities. TVMU uses enterprise-class vulnerability assessment tools to continuously identify, assess, prioritize, and correct security vulnerabilities.

    About IVMS

    IVMS is a full vulnerability management service that pairs security analysts with sophisticated scanning tools. 

    TVMU scans a large range of computing platforms including desktops and servers, as well as network devices, VMware, F5 and other platforms.

    TVMU also:

    • Works with participating entities on the scope and assessment of devices to be scanned for vulnerabilities.
    • Works closely with each entity to ensure the vulnerability scanning environment is appropriately configured.
    • Conducts in-depth vulnerability scans that either require agent software or credentials to the targeted devices.

    About the scans:

    • All scans run on an automated and continuous schedule.
    • Once automated scans are configured and running, entities are responsible for correcting any issues. TVMU acts in an advisory capacity only.
    • MNIT security analysts review and prioritize scan results and communicate applicable information to the entity’s technical team through a regularly scheduled Teams meeting (usually monthly).

    Key benefits and features

    Dedicated vulnerability management experts with deep knowledge and experience in vulnerability assessment provide:

    • Comprehensive vulnerability scanning using sophisticated enterprise-class scanning technology.
    • Actionable information for an entity’s technical team along with consultative assistance.
    • Risk assessment and mitigation expertise.
    • Configuration Compliance Scanning (scanning a system based on a hardening standard). TVMU uses Center for Internet Security (CIS) benchmarks.

    Who is eligible?

    MNIT’s Internal Scanning service is available to Minnesota counties, port cities, and Tribal Nations.

    Service rates

    MNIT offers the first year of IVMS free to eligible entities with support from the Whole-of-State Cybersecurity grant program. After the first year, entities are charged based on the number of licenses issued.

    Next steps

    Contact MNIT’s Cyber Navigator team: CN.MNIT@state.mn.us.

    A Cyber Navigator will schedule a meeting with your organization to provide an overview, review roles and responsibilities, answer questions, and share the required program documentation. After documents are signed, the Cyber Navigator will schedule a kick-off meeting and provide an entity-specific deployment timeline.

    back to top