Newcomer I

Re: Vulnerability Assessment/Reports

 

Thank you for your help!

Contributor I

Re: Vulnerability Assessment/Reports

The Defense Security Service has an actual template that you can use located at URL:

 

www.dss.mil/documents/rmf/Risk_Assessment_Report-Template_Sept_2016.docx

 

This template is consistent with guidelines outlined in the NIST SP 800-30, Guide for Conducting Risk Assessments.

 

 

Respectfully,

Francis (Frank) Mayer, CISSP
Newcomer II

Re: Vulnerability Assessment/Reports

JJordan, 

I know you are looking for a sample report and I think some of the responses have pointed you in the right direction.  However, when creating your report keep the following things in mind:

 

1. Know your audience.  This will guide you in your writing style and whether you should be super detailed or give the executive message.

 

2. Identify the message you are trying to convey and shape your report accordingly.

 

3. Align your report to the business.  (I believe you should highlight risks associated with systems with the most value (check the BIA) and those with the most exposure (DMZ hosts).  Protect your crown jewels.)

 

4. Keep the report as short as possible.  If a lot of details are required, then add them to a secondary report.  Most people will not read a long report.

 

5. Ensure you have established metrics for your program so management and administrators know how well they are executing.