Which of the follwoing is NOT a control for continuous vulnerability managemnt from implementing group $1?$

a$.$ perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis.

b$.$ establish and maintain a documented vulnerability management process for enterprise assets.

c$.$ establish and maintain a risk$-$based rememdiation strategy documented in a remediation process, with monthly, or more frequent, reviews

d$.$ perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.

e$.$ perform operating system updates on enterprise assets through automated patch management on a monthly, or more frequent, basis