Skip to main content

Address issue findings in your Scorecard

Mark Glinski
  • Updated

In this article:

    You can address any issue finding on your Scorecard to help you maintain the highest possible score and ensure that your customers and partners can assess your Scorecard with full context and understanding.

    Different ways to address a finding

    Each method of addressing a finding has a different outcome for the finding

    Resolve a finding

    You can use a platform feature to resolve a finding and have us remove it from your Scorecard to erase its score impact. You can request a resolution for different reasons:

    • You have remediated the vulnerability or security problem. For example, you have applied an update patch to vulnerable product version. 
    • You have a compensating control in place. For example, you have backported the operating system on an asset that is running a vulnerable software version.
    • You believe the finding is accurate.
    Note: Make sure to provide details and evidence in your resolution request, including attachments if available, to help our Support team with the review process 

    Remediate a finding without requesting resolution

    If you remediate the vulnerability but do not ask us to resolve it, the finding decays after a certain number of days, depending on the issue type.

    For example, if you move a server that we flagged for a finding behind your firewall, our recurring scans no longer detect it. Eventually, the finding is automatically removed from your Scorecard.

    Comment on a finding that you cannot resolve

    Certain issue findings, such potential vulnerabilities cannot be resolved. They remain on your Scorecard for visibility so that customers, prospects, or partners can gain a complete assessment of your security posture. In this case, you can use a platform feature to comment on the finding and indicate whether you have addressed the finding, so that organizations know that you are aware of it and are taking action to reduce risk.

    Manage the affected asset or request its removal

    If you believe the asset with the issue finding does not belong to your organization, or if it is associated with your organization in a way that should impact your score less or not at all, such as with a parked domain, you can manage the asset in your Digital Footprint.

    Use the platform to resolve an issue finding

    Take the following steps to locate an issue, review its findings, and them initiate resolution:

    Locate the issue type with findings that you wan to resolve.

    1. In the platform, select My Scorecard from the top navigation menu.

      select-my-scorecard.png

    2. In your Scorecard, view issue types by factor and then select the issue you want to address, or...

      issue-resolution-factors-issues.png

      ... select the Issues tab to view all issues at once, and then select the issue.

      issue-resolution-issues-tab.png

    3. Review the information about the issue type and recommendations for remediation.

      issue-resolution-description.png

    Initiate resolution for findings

    1. Scroll down to the Findings table, and the select the findings you want to address. Then click Resolve.

      issue-resolution-resolve.png

    2. Select the reason you want to resolve the findings.

      issue-resolution-resolution-type.png

    3. For reasons other than This is not my IP or domain, provide as much detail or context to help Support review your request. Then, click Submit.

      issue-resolution-explanation.png

      For the reason This is not my IP or domain, click the link to manage the affected finding in your Digital Footprint. Learn how to manage assets in your Digital Footprint.

      issue-resolution-df-link.png

    What happens next: approvals, projected scores, denials

    After you submit a resolution request, our Support team reviews it and any supporting evidence. See the Dispute, Correction, and Appeal section of our Trust page for response times.

    If Support approves your request, we display a banner on the Score Factors page of your Scorecard

    Click Approved Requests to see the approvals.

    issue-resolution-projected-score.png

    issue-resolution-approved-requests.png

    Based on these approvals, your score changes in one to three days.

    For denials, you receive an explanatory email. 

    Note: In addition to the Factors page, your Projected Score is also reflected in your Scorecard header. Currently it is not displayed elsewhere in the platform, such as in Portfolios.

    projected-score-scorecard-header.png

     

    Comment on an issue or finding

    To comment on an issue that you cannot resolve, take the following steps:

    1. Locate the issue or finding. 
    2. Click Add Comment in the Comment on issue area. 

      issue-resolution-add-comment.png

    3. Select one of the preset comments and click Save.
      Or enter your own comment and click Request Approval, so that we can review the comment and then post it.

      potential-vuln-comment.png

    Get help

    For more information or additional questions, submit a support request.

    Related articles