In this article:
You can address any issue finding on your Scorecard to help you maintain the highest possible score and ensure that your customers and partners can assess your Scorecard with full context and understanding.
Different ways to address a finding
Each method of addressing a finding has a different outcome for the finding
Resolve a finding
You can use a platform feature to resolve a finding and have us remove it from your Scorecard to erase its score impact. You can request a resolution for different reasons:
- You have remediated the vulnerability or security problem. For example, you have applied an update patch to vulnerable product version.
- You have a compensating control in place. For example, you have backported the operating system on an asset that is running a vulnerable software version.
- You believe the finding is inaccurate.
Note: Make sure to provide details and evidence in your resolution request, including attachments if available, to help our Support team with the review process
Remediate a finding without requesting resolution
For example, if you move a server that we flagged for a finding behind your firewall, our recurring scans no longer detect it. Eventually, the finding is automatically removed from your Scorecard.
Comment on a finding that you cannot resolve
Certain issue findings, such potential vulnerabilities cannot be resolved. They remain on your Scorecard for visibility so that customers, prospects, or partners can gain a complete assessment of your security posture. In this case, you can use a platform feature to comment on the finding and indicate whether you have addressed the finding, so that organizations know that you are aware of it and are taking action to reduce risk.
Manage the affected asset or request its removal
If you believe the asset with the issue finding does not belong to your organization, or if it is associated with your organization in a way that should impact your score less or not at all, such as with a parked domain, you can manage the asset in your Digital Footprint.
Use the platform to resolve an issue finding
Take the following steps to locate an issue, review its findings, and them initiate resolution:
Locate the issue type with findings that you wan to resolve.
- In the platform, select My Scorecard from the top navigation menu.
- In your Scorecard, view issue types by factor and then select the issue you want to address, or...
... select the Issues tab to view all issues at once, and then select the issue.
- Review the information about the issue type and recommendations for remediation.
Initiate resolution for findings
- Scroll down to the Findings table, and the select the findings you want to address.
- If you have remediated the issue, click Fixed. Otherwise click Other resolutions and select the reason you want to resolve the finding.
- For reasons other than This is not my IP or domain, provide as much detail or context to help Support review your request. Then, click Submit.
For the reason This is not my IP or domain, click the link to manage the affected finding in your Digital Footprint. Learn how to manage assets in your Digital Footprint.
What happens next: approvals, projected scores, denials
After you submit a resolution request, our Support team reviews it and any supporting evidence. See the Dispute, Correction, and Appeal section of our Trust page for response times.
If Support approves your request, we display a banner on the Score Factors page of your Scorecard
Click Approved Requests to see the approvals.
Based on these approvals, your score changes in one to three days.
For denials, you receive an explanatory email.
Note: In addition to the Factors page, your Projected Score is also reflected in your Scorecard's company overview.
Comment on an issue or finding
To comment on an issue that you cannot resolve, take the following steps:
- Locate the issue or finding.
- Click Add Comment in the Comment on issue area.
Select one of the preset comments and click Save.
Or enter your own comment and click Request Approval, so that we can review the comment and then post it.
For more information or additional questions, submit a support request.