• Vulnerability management reporting
- Vulnerabilities
- Affected hosts
- Risk score
- Mitigation
- Recurrence
- Prioritization
• Compliance reports
• Action plans
- Configuration management
- Patching
- Compensating controls
- Awareness, education, and training
- Changing business requirements
• Inhibitors to remediation
- Memorandum of understanding (MOU)
- Service-level agreement (SLA)
- Organizational governance
- Business process interruption
- Degrading functionality
- Legacy systems
- Proprietary systems
• Metrics and key performance indicators (KPIs)
- Trends
- Top 10
- Critical vulnerabilities and zero-days
- SLOs
• Stakeholder identification and communication
