Vulnerability compensating controls can be attached to vulnerability exceptions to help justify the exception request if compensating controls are in place or in the process of being put in place. These compensating controls can be added by users with the Exception Create and Threats and Vulnerabilities View and Manage permissions or View and Update permissions. They can be added and viewed from the vulnerability exception's Information tab.
The Comp Controls tab of a vulnerability exception will show the vulnerability compensating controls for each entity the exception is attached to. It will only show vulnerability compensating controls in the Implemented or Pending status, and is read-only.
To add vulnerability compensating controls:
Navigate to Home > Exception Requests.
- Click on the exception you want to add a vulnerability compensating control to to display its Information tab.
- In the Vulnerability Compensating Control section, click Add.
- Click + next to any category you wish to open and click the checkbox next to any compensating controls you wish to add to the exception.
- Click OK.
To delete vulnerability compensating controls:
Navigate to Home > Exception Requests. Click on the exception you want to delete a vulnerability compensating control from to display it's Information tab.
- In the Vulnerability Compensating Control section, click the checkbox next to each compensating control you wish to remove from the exception and click Delete.
- Click OK.