Glossary
70
Static site
A static site is a collection of assets that are targeted for scanning and that have been manually
selected. Asset membership in a static site does not change unless a user changes the asset list
in the site configuration. For more information, see
Dynamic site
on page 62 and
Site
on page 69.
Temporal risk strategy
One of the built-in risk strategies, Temporal indicates how time continuously increases likelihood
of compromise. The calculation applies the age of each vulnerability, based on its date of public
disclosure, as a multiplier of CVSS base metrics for likelihood (access vector, access complexity,
and authentication requirements) and asset impact (confidentiality, integrity, and availability).
Temporal risk scores will be lower than TemporalPlus scores because Temporal limits the risk
contribution of partial impact vectors. See
Risk strategy
on page 67.
TemporalPlus risk strategy
One of the built-in risk strategies, TemporalPlus provides a more granular analysis of vulnerability
impact, while indicating how time continuously increases likelihood of compromise. It applies a
vulnerability's age as a multiplier of CVSS base metrics for likelihood (access vector, access
complexity, and authentication requirements) and asset impact (confidentiality, integrity, and
availability). TemporalPlus risk scores will be higher than Temporal scores because
TemporalPlus expands the risk contribution of partial impact vectors. See
Risk strategy
on page
67.
Total risk
Total risk is a setting in risk trend report configuration. It is an aggregated score of vulnerabilities
on assets over a specified period.
United States Government Configuration Baseline (USGCB)
The United States Government Configuration Baseline (USGCB) is an initiative to create
security configuration baselines for information technology products deployed across U.S.
government agencies. USGCB evolved from FDCC, which it replaces as the configuration
security mandate in the U.S. government. The Policy Manager provides checks for Microsoft
Windows 7, Windows 7 Firewall, and Internet Explorer for compliance with USGCB baselines.
Performing these checks requires a license that enables the Policy Manager feature and USGCB
scanning. See
Policy Manager
on page 65 and
Federal Desktop Core Configuration (FDCC)
on
page 62.
Unmanaged asset
An unmanaged asset is a device that has been discovered during a scan but not correlated
against a managed asset or added to a site’s target list. The application is designed to provide