Drata checks whether your organization have any open high vulnerabilities that have not been addressed (such as through a security fix or acceptance/exclusion) which is identified by the listed connections in Drata

Available connections:

This test is part of the Quarterly Vulnerability Scan control that ensures your company engages with a third-party to conduct vulnerability scans of the production environment as dictated by company policy and compliance requirements. This control also requires that scan results are reviewed by management with high-priority findings being tracked to resolution.

When the test fails, address your open high vulnerabilities by either remediating them in listed connections or excluding them in the test result drawer.