JJordan
Newcomer I

Vulnerability Assessment/Reports

Would anyone out there have a vulnerability assessment/report they could provide to me so I can get a better understanding of what information, format and the length one should contain?

Thank you,
Justin Jordan
12 Replies
JJordan
Newcomer I

 

Thank you for your help!

Frank_Mayer
Contributor I

The Defense Security Service has an actual template that you can use located at URL:

 

www.dss.mil/documents/rmf/Risk_Assessment_Report-Template_Sept_2016.docx

 

This template is consistent with guidelines outlined in the NIST SP 800-30, Guide for Conducting Risk Assessments.

 

 

Respectfully,

Francis (Frank) Mayer, CISSP EMERITUS
DGreen
Newcomer II

JJordan, 

I know you are looking for a sample report and I think some of the responses have pointed you in the right direction.  However, when creating your report keep the following things in mind:

 

1. Know your audience.  This will guide you in your writing style and whether you should be super detailed or give the executive message.

 

2. Identify the message you are trying to convey and shape your report accordingly.

 

3. Align your report to the business.  (I believe you should highlight risks associated with systems with the most value (check the BIA) and those with the most exposure (DMZ hosts).  Protect your crown jewels.)

 

4. Keep the report as short as possible.  If a lot of details are required, then add them to a secondary report.  Most people will not read a long report.

 

5. Ensure you have established metrics for your program so management and administrators know how well they are executing.