What are the industry best practices regarding the frequency using this tool. Should we analyze our servers once a month and repair the vulnerabilities. Or is every 6 months an acceptable frequency? What do most auditors feel is an acceptable best practice? We are a state government agency. Thank you

Hi,I'm not an auditor, but you shouldn't rely on the MBSA for routine security maintance. The MBSA is a useful tool to use for seeking any obvious attack vectors. Running it after you have completed a server configuration and then every time you install or modify roles would suffice. However, fixing security vulns should be included in day to day procedures which I know you (should) have.