When to use this
Use this tracker to record vulnerabilities, exposure, owners, treatment actions, due dates, retests, and closure.
Related controls
Tracker
| Vulnerability ID | Asset/system | Severity | Exposure | Owner | Treatment | Due date | Change ID | Retest result | Status |
|---|---|---|---|---|---|---|---|---|---|
| TBD | TBD | Critical/High/Medium/Low | Internet/internal/isolated | TBD | Patch/mitigate/accept | TBD | TBD | Pass/fail/TBD | Open/closed/accepted |
Minimum checks
- Asset owner assigned.
- Exposure and business impact considered.
- Treatment decision recorded.
- Due date aligns with risk.
- Retest evidence attached before closure.
- Accepted residual risk has approval.
- Template
- Iso27001
- Technological controls
- Vulnerability management
Note Metadata
Aliases: Vulnerability Remediation Tracker
Source: 90 Templates/Vulnerability Register and Remediation Tracker.md
Related Notes
- A.8.8 Audit Evidence Pack
- ISO 27001 A.8.8 - Management of Technical Vulnerabilities
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.8 Audit Checklist
- Vulnerability Management Procedure
- Templates MOC