A method for using certain specific standards for enabling automated vulnerability management and measurement of policy compliance. It allows organizations to stay up to date against advanced security threats.