Status Definitions:
Title | Description |
---|---|
New | A new (and Open) item from the previous month’s scan (applies to continuous scans only, where apps are scanned after every release) |
Open | Item remains in the product |
Closed - Fixed | Item has been fixed and framework has been addressed |
Closed - Risk Accepted | Item has not been fixed, but the risk has been accepted by the organization |
Closed - Compensating Control | Item has not been fixed, but other mitigations exist to prevent the issue from being exploited |
Severity Definitions:
Title | Description |
---|---|
High | The type of data exposed is considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure will lead to brand/reputational damage, compliance issues, and/or financial losses. |
Medium | The type of data exposed may be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure may lead to brand/reputational damage, compliance issues, and/or financial losses. |
Low | The type of data exposed could be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure could lead to brand/reputational damage, compliance issues, and/or financial losses. |
Exploitability Definitions:
Title | Description |
---|---|
Easy | The data exposure is easy to exploit. |
Moderate | The data exposure is moderately difficult to exploit. |
Difficult | The data exposure is difficult to exploit. |
Data Type Descriptions:
Title | Description |
---|---|
Public | Data is classified as public when unauthorized disclosure, alteration, or destruction would result in little or no exposure to an organization. |
Private | Employee information, such as salary information, home addresses, Passwords, PINs, Passcodes, Usernames/User IDs, Call Information/History, SMS Information/History, Browsing Info/History, Geolocation Data, Account Numbers, Bill Pay Information, Secret Questions, Passport Numbers, Mother's Maiden Names, Phone Number, Driver License Number, SSNs, Date of Birth, etc. |
Confidential | Trade secrets, Intellectual property, financial information, company information, etc. |
PFI: Personal Financial Information | Financial account number, credit score, account balances, Check Images |
PHI: Protected Health Information | Medical diagnosis codes, disease names, medication names, patient names, medical record number (MRN) |
PII: Personally Identifiable Information | Social security number, national identification number, driver’s license number, email address, home address, phone number, Device IDs (UDID) |
PCI: Payment Card Industry | Credit card numbers, Card Verification Value (CVV), expiration date |