This VM Dashboard will enable you to get instant dynamic visibility into your remediation SLAs as required by FedRAMP. It is a single, dynamic dashboard that includes customizable views, graphs, and charts, giving you a clear and comprehensive view of your threat landscape at a glance, in real time, based on CVSS 3 Base Score. For details on the FedRAMP requirements supported by this dashboard, see FedRAMP ConMon – Efficiently & Effectively Managing SLAs for RA-5d Requirement.
About Vulnerability Scoring
Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS assigns severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to the threat. Scores are calculated based on a formula that depends on several metrics that approximate ease of exploit and the impact of exploit.
CVSS scores range from 0 to 10, with 10 being the most severe. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes. While many utilize only the CVSS Base score for determining severity, temporal and environmental scores also exist, to factor in the availability of mitigations and how widespread vulnerable systems are within an organization, respectively. The amount of work we encounter daily as security professionals is massive, given the ever-changing environment. That is where Qualys can provide quick dashboarding and views of key indicators to help you prioritize your remediation work. #VisualizeDataNotCSVs
The FedRAMP Vulnerability Mitigation by SLA Dashboard
This VM Dashboard will enable you to get instant visibility based on CVSS Scores as defined by NIST:
The Dashboard tracks the following KPIs as per CVSS 3 Base Score:
- Qualys Status "New, Active, Reopened" By Severity
- Qualys Status "Fixed" By Severity
- Host-Based Count Widgets
- TOP 50: High, Medium, Low
- Widgets as per FedRAMP SLAs: 30, 90, 180
- Vuln Status
- First found per SLA days
- First found per SLA days & vulns published per SLA days
NVD Vulnerability Severity Ratings
NVD provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification.
|CVSS v2.0 Ratings||CVSS v3.0 Ratings||FEDRAMP Remediation SLAs|
|Severity||Base Score Range||Severity||Base Score Range||Severity SLA Criteria.||Mitigation SLA|
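The SLA tracking described above, as an added Python example that is not Qualys code and not part of the original page. It assumes the FedRAMP windows of 30, 90 and 180 days apply to High (CVSS v3 base score 7.0 and above), Moderate (4.0 to 6.9) and Low (0.1 to 3.9) findings, counted from the first-found date; the field names and sample findings are constructed.

```python
from datetime import date, timedelta

# Assumption: FedRAMP remediation windows in days (the page lists 30, 90, 180),
# keyed by the lower bound of each CVSS v3 base score band.
SLA_BANDS = [
    (7.0, "High", 30),      # CVSS v3 High and Critical (7.0-10.0)
    (4.0, "Moderate", 90),  # CVSS v3 Medium (4.0-6.9)
    (0.1, "Low", 180),      # CVSS v3 Low (0.1-3.9)
]
OPEN_STATUSES = {"New", "Active", "Reopened"}


def sla_for(score):
    """Return (severity, sla_days) for a CVSS v3 base score, or None for 0.0."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    for floor, severity, days in SLA_BANDS:
        if score >= floor:
            return severity, days
    return None  # a score of 0.0 carries no severity rating


def evaluate(findings, today):
    """Count open and past-SLA findings per severity as of `today`."""
    summary = {}
    for f in findings:
        band = sla_for(f["cvss3_base"])
        if band is None or f["status"] not in OPEN_STATUSES:
            continue  # Fixed findings and unrated scores are not tracked here
        severity, days = band
        due = f["first_found"] + timedelta(days=days)
        row = summary.setdefault(severity, {"open": 0, "overdue": 0})
        row["open"] += 1
        if today > due:
            row["overdue"] += 1
    return summary


# Constructed sample findings (hypothetical field names, not Qualys output).
SAMPLE = [
    {"cvss3_base": 9.8, "status": "Active", "first_found": date(2024, 1, 1)},
    {"cvss3_base": 7.5, "status": "New", "first_found": date(2024, 3, 20)},
    {"cvss3_base": 5.3, "status": "Reopened", "first_found": date(2024, 1, 10)},
    {"cvss3_base": 3.1, "status": "Active", "first_found": date(2023, 9, 1)},
    {"cvss3_base": 8.1, "status": "Fixed", "first_found": date(2023, 1, 1)},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, today=date(2024, 4, 1)))
```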
Dashboard Demonstration Images
Example of quick help for tokens.
How to Enable Trending on the Widgets
- FedRAMP ConMon – Efficiently & Effectively Managing SLAs for RA-5d Requirement
- Documentation & Release Notes
- Apply Tags to Organize Your Assets (online help)