The IT Law Wiki

Remediation

Definitions

General

Remediation is

[t]he act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application.[1]
the process that an end-user goes through to clean up a botted computer so that it is no longer infected. In easy cases this may involve installing and running an anti-virus product. In more difficult cases, remediation may involve more substantial intervention up to "nuking and paving" the system — formatting it and reinstalling it from scratch, or at least from the last known-clean backup. Once the system is clean, or has been reinstalled, it will then normally be hardened to protect it from reinfection.[2]

Medical device

Remediation is

any action(s) taken to reduce the risk to the medical device's essential clinical performance to an acceptable level. Remediation actions may include complete solutions to remove a cybersecurity vulnerability from a medical device (sometimes known as official fix) or compensating controls that adequately mitigate the risk (e.g., notification to customer base and user community identifying a temporary fix, or work-around). An example of remediation is a notification to the customer base and user community that discloses the vulnerability and potential impact to essential clinical performance and provides a strategy to reduce the risk to the marketed device's essential clinical performance to an acceptable level. If the customer notification does not provide a strategy to reduce the risk to the marketed device's essential clinical performance to an acceptable level, then the remediation is considered incomplete.[3]

References

  1. NIST Special Publication 800-40, Ver. 2.
  2. U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs), at 24.
  3. Postmarket Management of Cybersecurity in Medical Devices: Draft Guidance for Industry and Food and Drug Administration Staff, at 9.
