Dynamic Remediation for TLS/SSL Certificates findings is now available.
Once remediated, TLS/SSL Certificate findings no longer impact your rating. Remediation can be achieved by:
- Issuing a new certificate
- Taking the asset offline
- A combination of both.
This is reflected by the No: Remediated value for the Impacts Risk Vector Grade field.
Dynamic Remediation is available in both regular scans and manual rescan requests.
Immediate rescan feedback for TLS/SSL Certificates is also available in a Beta Program, speeding up the remediation cycle.
Frequently Asked Questions
Q: How does Bitsight identify and remediate SSL Certificate findings?
SSL Certificates can be attributed to an entity for two reasons:
- Observed in assets—the certificate was found installed on assets associated with the entity.
- Listed in certificate—the entity’s assets are explicitly listed within the certificate’s fields (e.g., Subject Alternative Name).
Q: When are TLS/SSL Findings Considered to be Remediated?
A finding is considered remediated when all assets where the certificate was seen are addressed:
- For Observed in assets, all affected assets belonging to the entity must either:
  - Be taken offline, or
  - No longer present the certificate.
- For Listed in certificate, all sources (including third-party assets) where the certificate appears must either:
  - Be taken offline, or
  - No longer have the certificate installed.

We provide a complete list of all sources where the certificate was observed. If any third-party asset remains unremediated and is preventing remediation of the finding, it can be identified in that list.
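Before requesting a rescan, you can check the remediation rule above against your own asset list. The following is an added example, not Bitsight code: it assumes you know the SHA-256 fingerprint of the flagged certificate, and the names `fetch_fingerprint` and `remediation_status` are hypothetical.

```python
import hashlib
import socket
import ssl

def fetch_fingerprint(host, port=443, timeout=5.0):
    """Return the SHA-256 hex digest of the leaf certificate served, or None if unreachable."""
    ctx = ssl.create_default_context()
    # Validation is disabled on purpose: expired or otherwise invalid
    # certificates are exactly the ones this check has to be able to read.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    except OSError:  # covers DNS failure, refused/timed-out connections, TLS errors
        return None
    return hashlib.sha256(der).hexdigest() if der else None

def remediation_status(target_fp, assets, fetch=fetch_fingerprint):
    """Apply the rule: every asset must be offline or no longer present the certificate."""
    target = target_fp.replace(":", "").lower()
    per_asset = {}
    for host, port in assets:
        seen = fetch(host, port)
        if seen is None:
            # Assumption: unreachable from this vantage point is treated as offline.
            # An external scanner may still reach the asset, so confirm separately.
            per_asset[(host, port)] = "offline"
        elif seen.lower() == target:
            per_asset[(host, port)] = "still presenting"
        else:
            per_asset[(host, port)] = "different certificate"
    blockers = [asset for asset, state in per_asset.items() if state == "still presenting"]
    return {"remediated": not blockers, "blockers": blockers, "assets": per_asset}
```

Pass every source from the finding's list, including third-party assets for Listed in certificate findings; anything returned in `blockers` is still serving the flagged certificate.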