Drata checks whether your organization has any open critical vulnerabilities that have not been addressed (for example through a security fix or an acceptance/exclusion), as identified by the following connections in Drata.
Available connections:
AWS Inspector
Snyk
Tenable
Qualys
Semgrep
CrowdStrike Falcon Exposure Management
SentinelOne Vulnerability Management
Microsoft Defender Vulnerability Management
Rapid7 Insight VM
Associated Drata Control
This test is part of the Quarterly Vulnerability Scan control, which ensures your company engages a third party to conduct vulnerability scans of the production environment as dictated by company policy and compliance requirements. This control also requires that scan results are reviewed by management, with priority findings tracked to resolution.
What to do if the test fails
When the test fails, address your open critical vulnerabilities either by remediating them in the listed connections or by excluding them in the test result drawer.
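The pass/fail logic described above, as an added example that is not Drata's own code: findings from several connections are normalized, anything already fixed or accepted/excluded is set aside, and the test fails only if a critical finding remains open. The record shape, the severity conventions and the sample findings are constructed assumptions for this example.

```python
# Constructed findings, one per connection; "cvss" stands in for scanners that
# report a score rather than a severity label (assumption for this example).
SAMPLE_FINDINGS = [
    {"id": "SNYK-1", "source": "Snyk", "severity": "critical", "status": "open"},
    {"id": "INSP-7", "source": "AWS Inspector", "cvss": 9.8, "status": "open"},
    {"id": "TEN-42", "source": "Tenable", "severity": "high", "status": "open"},
    {"id": "QLY-5", "source": "Qualys", "severity": "urgent", "status": "fixed"},
]

CRITICAL_LABELS = {"critical", "urgent"}          # assumed label variants
ADDRESSED_STATES = {"fixed", "resolved", "accepted", "excluded"}


def is_critical(finding):
    """A finding is critical by label, or by a CVSS base score of 9.0 or higher."""
    label = str(finding.get("severity", "")).lower()
    cvss = finding.get("cvss")
    return label in CRITICAL_LABELS or (cvss is not None and float(cvss) >= 9.0)


def open_criticals(findings, exclusions=frozenset()):
    """Return the findings that would make the test fail."""
    failing = []
    for f in findings:
        if f["id"] in exclusions:
            continue  # excluded in the test result drawer
        if str(f.get("status", "open")).lower() in ADDRESSED_STATES:
            continue  # remediated or risk-accepted in the source tool
        if is_critical(f):
            failing.append(f)
    return failing


def evaluate(findings, exclusions=frozenset()):
    """Summarize the test outcome and which connections still need attention."""
    failing = open_criticals(findings, exclusions)
    by_source = {}
    for f in failing:
        by_source.setdefault(f["source"], []).append(f["id"])
    return {"passed": not failing, "by_source": by_source}


if __name__ == "__main__":
    print(evaluate(SAMPLE_FINDINGS))                      # fails: SNYK-1, INSP-7
    print(evaluate(SAMPLE_FINDINGS, {"SNYK-1", "INSP-7"}))  # passes after exclusion
```

Findings rated high (TEN-42) and findings already fixed (QLY-5) never cause a failure; only open, unexcluded criticals do.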