Installing the Splunk, Defender ATP and Nessus agents (if not already installed).Limiting connectivity via firewall rules and/or moving to RFC 1918 (aka private) IP space.Examples of compensating controls include: For an exception to be granted, IS requires compensating controls be implemented in order to mitigate the risk of the vulnerability. Please use this ServiceNow form to request an exception. The system does not support the configuration needed to remediate the vulnerability.Systems running software that is not supported or is end-of-life that has proper justification.Systems that are scheduled to be decommissioned in the near future.Situations when an exception may be granted include: Sometimes, however, it might not be possible to remediate a vulnerability within this time frame, or the “vulnerability” may be a false positive.
Vulnerability Exceptions & Scan Exclusions Vulnerability ExceptionsĪccording to the IS Vulnerability Management Standard, vulnerabilities identified during scans must be remediated within a certain time frame depending on the severity of the vulnerability.
0 kommentar(er)
