Finding Incubation Period Exclusion

Finding Incubation Period Exclusion

Finding Incubation Period is the predefined period of time where the findings in your Bitsight portal do not impact your risk vector grade or your organization’s rating. This feature is applied to specific use cases, where the overall rating impact is very broad - covering a large number of Bitsight customers, especially arriving from the systemic changes in the product. The application criteria is defined by the Bitsight Product Management team and does not cover all new findings arriving to your portal.

Once the findings under the coverage of incubation are discovered through Bitsight internet wide scans, they do not impact your rating for a predefined period of time, which can be different for the different features it serves (e.g. 60 days, 90 days, 120 days, etc.) and there is no historical impact if the same or new observations come up after the incubation period. During this time, you can preview findings for your infrastructure. This allows you to proactively remediate these findings before they impact your rating.

While the findings are in incubation period, they are visible to third parties although they are not impacting your risk vector or rating. Once the incubation period ends, third parties will still see the any newly generated findings as they are observed.

Findings that are in the incubation period are valid findings and they are displaying the finding grades correctly without impacting the risk vector grade and they are excluded from the rating until the incubation period ends.

• Remediate and mitigate any issues and threats arising from the findings in the incubation period.

Identifying Findings that are in Incubation Period

• Findings Table: Identify findings in the Findings Table in incubation period by using the Impacts Risk Vector Grade filter with No: Incubation Period selected. 

• No Impact End Date column on the Findings Table: allows you to understand the date the finding would stay in the incubation period without impacting the risk vector grade and the rating of your organization.
• Bitsight Filter Set  “Incubation Period Findings”.

Finding Behavior During and After the Incubation Period

A new finding that is observed during the incubation period does not impact your rating. If a similar observation seen after the incubation period ends, a new finding is created that affects the rating as if it was first seen after the incubation period ended, without any historical impact. The lifetime of this finding begins when it is first observed after the incubation period ends.

• The finding observed during the incubation period does not impact your risk vector grade. Any eventual findings observed after the incubation period will impact risk vector grades from the date they are first seen after the incubation period.
• Diligence findings observed before and after the incubation period will have the same rolled up ID; Compromised Systems and User Behavior findings will have different rolled up IDs.