“[t]he act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application.”
“the process that an end-user goes through to clean up a botted computer so that it is no longer infected. In easy cases this may involve installing and running an anti-virus product. In more difficult cases, remediation may involve more substantial intervention up to "nuking and paving" the system — formatting it and reinstalling it from scratch, or at least from the last known-clean backup. Once the system is clean, or has been reinstalled, it will then normally be hardened to protect it from reinfection.”
Medical device
“any action(s) taken to reduce the risk to the medical device's essential clinical performance to an acceptable level. Remediation actions may include complete solutions to remove a cybersecurity vulnerability from a medical device (sometimes known as official fix) or compensating controls that adequately mitigate the risk (e.g., notification to customer base and user community identifying a temporary fix, or work-around). An example of remediation is a notification to the customer base and user community that discloses the vulnerability and potential impact to essential clinical performance and provides a strategy to reduce the risk to the marketed device's essential clinical performance to an acceptable level. If the customer notification does not provide a strategy to reduce the risk to the marketed device's essential clinical performance to an acceptable level, then the remediation is considered incomplete.”
- NIST Special Publication 800-40, Ver. 2.
- U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs), at 24.
- Postmarket Management of Cybersecurity in Medical Devices: Draft Guidance for Industry and Food and Drug Administration Staff, at 9.