CIS Control 4 calls for IT managers to assess enterprise vulnerabilities on a regular basis, typically using automated tools, and fixing most critical vulnerabilities.