individuals prior to authorizing access to Covered Information Systems to ensure compliance with DOS Security standards; 15. Assessing the risk to DOS Information in Covered Information Systems periodically, including scanning for vulnerabilities and remediating such vulnerabilities in accordance with Dal policy