Drata

This test is part of the <b>SLA for Security Bugs </b>control that ensures your company tracks security deficiencies through internal tools and closes them within an SLA that management has pre-specified.

If Drata is unable to locate your Vulnerability Management Policy or finds that the policy has not been approved by the owner within the last 12 months the test will fail.

To remediate a failed test, you will need to ensure a Vulnerability Management Policy is uploaded and approved. If a policy has already been uploaded but requires approval, you will have the ability to notify the policy owner reminding them to 'approve' the policy.

Add a 'Vulnerability Management Policy' and ensure that the newly added policy is approved

1. Navigate to the Policy Center page
2. Add a 'Vulnerability Management Policy' and ensure that the newly added policy is approved

<a href="https://www.tripwire.com/state-of-security/vulnerability-management/things-good-vulnerability-management-policy-should-include/" rel="nofollow noopener noreferrer" target="_blank">4 Things a Good Vulnerability Management Policy Should Include</a>

- <a href="https://www.tripwire.com/state-of-security/vulnerability-management/things-good-vulnerability-management-policy-should-include/" rel="nofollow noopener noreferrer" target="_blank">4 Things a Good Vulnerability Management Policy Should Include</a>

Drata inspects your company records to determine if a Vulnerability Management Policy, that includes an SLA for P0 security bugs, is active.

Test: SLA for Security Bugs

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you