![]() Typically legacy network devices, phone systems, printers and other embedded devices are the types of systems that sometimes require exclusion from scans. In these cases exclusions from regular scans can be granted. Sometimes, however, scans can negatively impact certain systems. OIS scans all public and private Penn State IP ranges for vulnerabilities. Installing the Splunk, Defender ATP and Nessus agents (if not already installed).Limiting connectivity via firewall rules and/or moving to RFC 1918 (aka private) IP space.Examples of compensating controls include: For an exception to be granted, OIS requires compensating controls be implemented in order to mitigate the risk of the vulnerability. Please use this ServiceNow form to request an exception. The system does not support the configuration needed to remediate the vulnerability.Systems running software that is not supported or is end-of-life that has proper justification.Systems that are scheduled to be decommissioned in the near future.Situations when an exception may be granted include: Sometimes, however, it might not be possible to remediate a vulnerability within this time frame, or the “vulnerability” may be a false positive. ![]() Vulnerability Exceptions & Scan Exclusions Vulnerability ExceptionsĪccording to the OIS Vulnerability Management Standard, vulnerabilities identified during scans must be remediated within a certain time frame depending on the severity of the vulnerability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |