An ISCM capability that identifies vulnerabilities [Common Vulnerabilities and Exposures (CVEs)] on devices that are likely to be used by attackers to compromise a device and use it as a platform from which to extend compromise to the network.
Sources:
NISTIR 8011 Vol. 1
See Capability, Vulnerability Management.
Sources:
NISTIR 8011 Vol. 1
under Vulnerability Management