Associate compensating controls with CVEs or TPEs for risk reduction requests

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • As a Vulnerability Manager or Analyst, you can associate relevant compensating controls with a Common Vulnerability Entry (CVE) or Third-party Entry (TPE) in the Vulnerability Manager Workspace, which can be used for reducing the risk posed by a vulnerability.

    시작하기 전에

    Role required: sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin

    이 태스크 정보

    • If you don’t associate compensating controls to a CVE or TPE, all the active controls appear in the Select Compensating Controls field of the Request Exception form.
    • If you associate a compensating control to a CVE, this compensating control is automatically associated with the TPE, which is mapped to the CVE.
    주:
    The compensating controls feature is available for host vulnerabilities only.

    프로시저

    1. Navigate to Workspaces > Vulnerability Manager Workspace.
    2. On the Lists page, under Libraries, open one of the following for which you want to associate the controls:
      • CVE from the CVEs list.
      • TPE from the TPEs list.
    3. Select Associate controls.
      주:
      The Associate controls button appears only when the risk reduction is enabled for a CVE or TPE. In other words, you can associate compensating controls only when risk reduction is enabled for a CVE or TPE. If the Associate controls button isn’t visible, select Enable risk reduction.
    4. On the Associate controls modal, select the compensating controls that can be applied to vulnerabilities associated with the CVE or TPE for risk reduction.
    5. Select Submit.
      • The associated compensating controls appear in the Applicable compensating controls tab in the record view of the CVE and TPE.
      • While a remediation owner requests risk reduction, these associated compensating controls appear in the Select Compensating Controls field on the Request Exception modal.