Building on the results of the 2015 vulnerabilities and continuous monitoring survey, the primary focus of this year's survey is to determine how organizations conduct continuous vulnerability assessment and remediation related to the CIS Critical Security Controls 6.0. This includes inventories of software and hardware, secure configurations for these systems, continuous monitoring assessment and remediation, and limitation and control of network ports, protocols and services.
You can view the associated whitepaper written by SANS Analyst Program Research Director, Barbara Filkins with input from last year's survey author, SANS Fellow and Dean of Instruction, Dave Hoelzer here: https://www.sans.org/reading-room/whitepapers/analyst/reducing-attack-surface-sans-second-survey-continuous-monitoring-programs-37417