How to send a risk acceptance request back to the user for rework.
The risk acceptance workflow serves as acknowledgment that, after evaluating a vulnerability, the cost to remediate it is greater than the risk the vulnerability itself poses. For cases where an organization accepts a vulnerability’s risk, the RiskSense platform provides an option to mark that finding as a Risk Acceptance (RA).
Only managers and group managers can send risk acceptance requests back to users for rework.
To rework a risk acceptance request, navigate to either the Network > Host Findings page or the Application > Application Findings page. This example shows how to rework a risk acceptance using the Application > Application Findings page.
Select the RA Requested finding(s) you want reworked by clicking the check box in the page’s first column. You may select several vulnerabilities at a time for reworking risk acceptance. If you are having trouble finding risk acceptance requests, see Filtering for Risk Acceptance Requests.
Click the Workflow button at the top of the list view.
In the Workflow drop-down menu, click Rework under the Risk Acceptance category. This option can be used for single and multiple vulnerabilities.
You may also select a single vulnerability and right-click the line item to select workflow options from the pop-up menu. Note that the right-click option only works for a single row, as designated in the screenshot below.
Clicking Workflow > Risk Acceptance > Rework brings up the Rework Acceptance window.
In the provided text box, enter the reason for reworking the risk acceptance request. Once complete, click Apply.
When a risk acceptance request is reworked, the state changes to RA Reworked, as shown below.