We know your pain and can empathize. You're tired of spending 40-60 hours a month documenting POA&Ms, reviewing many dozens of scans and hundreds of vulnerabilities. Constantly asking, “Is this a new or duplicate POA&M?”
Our goal is you never need to open scan files or spreadsheets again. Now you can automatically close resolved vulnerabilities and use duplicate detection to accurately create and update issues.
Set up your recurring assessments
Create assessment for the components in your boundary that require regular scanning. These assessments will help you track what needs to be continuously monitored and remediate the identified issues.
Select the component(s) that is the target of a monthly scan.
Open and close cycles based on assessment frequency. For example, your monthly FedRAMP ConMon Review. Closing cycles will automatically close resolved vulnerabilities and use duplicate detection to accurately create and update issues.
Start your intake workflow
Upload scans. These are automatically saved and associated as evidence of the issues discovered from your vulnerability and configuration scans.
Sometimes column headers of CSV files do not start on the first row. Easily identify and set the correct row once for easy reuse month after month.
Map the key scan file fields one time and then reuse it for each cycle. Set it up once. Reuse again and again.
If the scan file does not contain a detection date for new vulnerabilities discovered, you can set it to whenever the Scan Performed Date, which is by default the date you uploaded the file to Paramify.
If needed, you can also set a different Scan Performed Date for each scan file.
Identify records to be ignored
Some scan files contain results that you do not want to include with your issue and remediation management scope. Easily choose the fields and values that determine which records to ignore.
Map vulnerability risk levels to automatically set correct due dates.
Some risk levels should be ignored. You can set that by skipping those records.
Evaluate the effect your scan files will have on your issues. Issues will automatically be created, updated, or closed.
If certain issues should remain open despite not appearing in the latest scan files, you can flag them to prevent automatic closure.
Evaluate your issues properly before merging. Issues in your cycle will not be merged with the rest of your issues until you close the cycle.
CAUTION: Once you close an assessment cycle those changes can NOT be undone.
Comments
0 comments
Please sign in to leave a comment.