Accepting a Risk

Purpose

This article describes how to accept a risk, to prevent it from appearing during the scans.

Introduction

The Accepting a Risk feature allows users to acknowledge a vulnerability that cannot be immediately mitigated, thereby preventing it from reappearing in future scans. This functionality is particularly useful when compensating controls are in place, or when the risk is deemed acceptable due to specific circumstances. Users can specify the duration for which the risk is accepted and provide a rationale for the decision. This approach helps maintain an accurate and manageable vulnerability management process by distinguishing between issues that require attention and those that are intentionally deferred.

Accepting a Risk

To accept a risk:

1. In the Portal, go to Findings > Vulnerabilities.

2. Select a vulnerability and right click it to open the context menu.
   

   

3. In the context menu, select Accept Risk.

4. Fill in the date for how long the risk should be accepted to and a comment.
   

   

If no comment is given, a default message/comment stating “Transitioned finding status from <original status> to <new status> without user's comment." is saved as a activity log to assist with the reviewing of the finding’s history.

The customer can also transition non-SWAT findings from other status like FALSE_POSITIVE, FIXED or ACCEPTED.

Example:

5. Click Accept.

   

_Copyright

_{© 2025 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.}

_Trademark

_{Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.}