Associate compensating controls with CVEs or TPEs for risk reduction requests

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:3分

    • As a Vulnerability Manager or Analyst, you can associate relevant compensating controls with a Common Vulnerability Entry (CVE) or Third-party Entry (TPE) in the Vulnerability Manager Workspace, which can be used for reducing the risk posed by a vulnerability.

    始める前に

    Role required: sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin

    このタスクについて

    • If you don’t associate compensating controls to a CVE or TPE, all the active controls appear in the Select Compensating Controls field of the Request Exception form.
    • If you associate a compensating control to a CVE, this compensating control is automatically associated with the TPE, which is mapped to the CVE.
    注:
    The compensating controls feature is available for host vulnerabilities only.

    手順

    1. Navigate to Workspaces > Vulnerability Manager Workspace.
    2. On the Lists page, under Libraries, open one of the following for which you want to associate the controls:
      • CVE from the CVEs list.
      • TPE from the TPEs list.
    3. Select Associate controls.
      注:
      The Associate controls button appears only when the risk reduction is enabled for a CVE or TPE. In other words, you can associate compensating controls only when risk reduction is enabled for a CVE or TPE. If the Associate controls button isn’t visible, select Enable risk reduction.
    4. On the Associate controls modal, select the compensating controls that can be applied to vulnerabilities associated with the CVE or TPE for risk reduction.
    5. Select Submit.
      • The associated compensating controls appear in the Applicable compensating controls tab in the record view of the CVE and TPE.
      • While a remediation owner requests risk reduction, these associated compensating controls appear in the Select Compensating Controls field on the Request Exception modal.