Summary: High-level overview of the remediation workflow.
The remediation workflow serves as acknowledgement that the vulnerability has been fixed or removed. For cases where an organization remediates a vulnerability, the RiskSense platform provides an option to mark that finding as a Remediation (RM).
Once a scanner finding/vulnerability is marked as remediated, that finding will remain remediated unless a scanner surfaces the vulnerability again when using Update Remediation by Assessment (URbA). If the scanner finds the vulnerability again, the finding will be marked as RM Reworked by Scan in the platform.
There are five states associated with the remediation workflow.
RM Requested: The remediation request was submitted and is awaiting manager approval.
RM Approved: The remediation request was approved by a manager.
RM Reworked: The manager received the remediation request but selected this option because the finding needs more justification for approval.
RM Approved by Scan: When using URbA, the scanner no longer found the vulnerability and automatically changed the vulnerability’s state to Approved.
RM Reworked by Scan: When using URbA, the scanner found the previously remediated vulnerability again and automatically changed the vulnerability’s state to Reworked.
When a manager receives the remediation request and outright rejects it, the state will revert to Assigned.