A vulnerability assessment (VA) is a series of manual and automated processes and procedures used to assess and prioritize security vulnerabilities in a system (i.e. application and/or infrastructure). Conducting a VA helps to determine the security posture of the environment and the level of exposure to threats. A VA will identify vulnerabilities by evaluating if the system has the proper controls in place and will identify residual risks associated with a system.

See our Vulnerability Assessment FAQ page for answers to the following most frequently asked questions:

• What is a Vulnerability?
• What is a Vulnerability Assessment?
• When is a VA required?
• How do I Request a VA? What's the Process?
• Application Go Live - What's the Process?
• What is the Pre-VA Meeting?
• What prep is needed before the VA begins?
• How long does it take to conduct a VA?
• Who is responsible for remediating issues in the VA Report?
• What prep is needed before retest begins?
• Who approves the VA Report Response?