Reworking a Risk Acceptance

How to send a risk acceptance request back to the user for rework.

The risk acceptance workflow serves as acknowledgment that, after evaluating a vulnerability, the cost of remediating it is larger than the risk the vulnerability itself poses. For cases where an organization accepts a vulnerability’s risk, the RiskSense platform provides an option to mark that finding as a Risk Acceptance (RA).

Only managers and group managers can send risk acceptance requests back to users for rework.

To rework a risk acceptance request, navigate to either the Network > Host Findings or Application > Application Findings pages. For this example, we will show you how to rework a risk acceptance using the Application > Application Findings page.

Application Findings Menu Location

Select the RA Requested finding(s) you want reworked by clicking the check box in the page’s first column. You may select several vulnerabilities at a time for reworking risk acceptance. If you are having trouble finding risk acceptance requests, see Filtering for Risk Acceptance Requests.

Risk Acceptance Rework - Selecting Application Findings

Click the Workflow button at the top of the list view.

Risk Acceptance Rework - Workflow Button Location

In the Workflow drop-down menu, click Rework under the Risk Acceptance category. This option can be used for single and multiple vulnerabilities.

Risk Acceptance Rework - Rework Risk Acceptance Menu Location

You may also select a single vulnerability and right-click the line item to select workflow options from the pop-up menu. Note that the right-click option only works for a single row, as designated in the screenshot below.

Risk Acceptance Rework - Rework Risk Acceptance Right Click Menu Location

Clicking Workflow > Risk Acceptance > Rework brings up the Rework Acceptance window.

Risk Acceptance Rework - Rework Acceptance Window

In the provided text box, enter the reason for reworking the risk acceptance request. Once complete, click Apply.

When a risk acceptance request is reworked, the state changes to RA Reworked, as shown below.

Risk Acceptance Rework - State Changed to RA Rework