Should that occur, administrators can request risk acceptance for the vulnerability in question so long as justification and details on other related mitigations are provided. STIGs are focused on system security, not necessarily availability, and some settings may break system functionality. STIG packages include a revision history, STIG checklists, and an executive summary document that explains key concepts related to the STIG.Īs with any new system update or implementation, ensure your backups are functioning, and systems are recoverable in the event a STIG item remediation causes a system failure. STIGs can be accessed at cyber.mil in a document library maintained by DISA. CAT 3-These vulnerabilities may lower the overall security posture of the system but will not directly cause a cybersecurity incident or system failure.In some cases, CAT 2, if left unresolved, can cause related CAT 1 vulnerabilities. CAT 2-Although a serious risk of a security incident is still present, exploitation of a CAT 2 vulnerability is less likely to compromise data integrity and system availability than CAT 1.These vulnerabilities pose a direct threat to data integrity and system availability.
CAT 1-Poses the most serious risk of exploitation and the most significant threat to the broader network or system in which vulnerability is found.
0 kommentar(er)
