Vulnerability Scan Remediation Tracking

Inspection template for tracking critical and high vulnerability findings from scan discovery through remediation ticketing and verification rescan within SLA windows.

Inspection Details

  • Scan report identified and in scope for this inspection
    Confirm the vulnerability scan report, asset scope, and scan date are available for review.
  • Inspection date and reviewer recorded
    Record when the remediation tracking review was performed and by whom.
  • Environment or business unit
    Identify the environment, application, site, or business unit covered by the scan findings.
  • Reference document or scan source
    Enter the scan tool name, report ID, or reference link used to trace findings.

Critical and High Findings

  • Critical findings are documented with asset, CVE or finding ID, and severity
    Each critical finding should be traceable to a specific asset and finding identifier.
  • High findings are documented with asset, CVE or finding ID, and severity
    Each high finding should be traceable to a specific asset and finding identifier.
  • Finding count by severity
    Enter the number of critical and high findings included in the remediation tracking review.
  • Findings have clear remediation owners assigned
    Each finding must have a named owner or accountable team.
  • Exceptions or compensating controls documented for any deferred finding
    Document approved exceptions, risk acceptance, or compensating controls for findings not remediated within SLA.

Remediation Ticket Tracking

  • Remediation ticket created for each critical and high finding
    Verify each in-scope finding has a linked remediation ticket.
  • Ticket ID or change record captured
    Record the ticket number, change request, or work item associated with the finding.
  • Ticket owner and due date recorded
    Capture the assigned owner and the remediation due date or SLA target date.
  • Ticket status reflects active remediation work
    Select the current remediation status for the tracked finding.
  • Evidence attached to the ticket
    Confirm screenshots, patch records, configuration changes, or other evidence is attached.

SLA and Timing Compliance

  • SLA window defined for the finding severity
    Select the applicable SLA target for remediation and verification.
  • Days since finding was identified
    Enter the elapsed days from scan discovery to the current review date.
  • Remediation completed within SLA window
    Confirm the fix was implemented before the SLA deadline.
  • Verification rescan completed within SLA window
    Confirm a rescan or validation check was completed and the vulnerability no longer appears, or is otherwise formally accepted.

Closure and Audit Evidence

  • Closure evidence includes before and after scan results
    Verify evidence shows the original finding and the post-remediation validation result.
  • Residual risk or exception approval documented when applicable
    Document any approved risk acceptance, exception, or compensating control for unresolved findings.
  • Corrective action summary completed
    Summarize the remediation action taken, validation outcome, and any follow-up required.
  • Inspector signature or attestation
    Optional attestation by the reviewer confirming the tracking record is complete and accurate.