Skip to main content

Vulnerability Remediation Exception

Request an exception for vulnerability remediation timeframe requirements.
Request via ServiceNow 

Contacts

EOTSS End User and IT Service Support

Phone

EOTSS End User IT Service Desk Call EOTSS End User and IT Service Support, EOTSS End User IT Service Desk at (844) 435-7629

Support for Commonwealth end users and IT support personnel

Online

ServiceNow Log in to ServiceNow 
Chat with us live! Log in and click "Chat now" 
Send us an email Email EOTSS End User and IT Service Support at MassGov@service-now.com
Learn more about this organization 

The Details

Features

Submit this exception request if identified vulnerabilities cannot be remediated in accordance with the requirements outlined in the Vulnerability Management Standard (IS.016). An exception may be granted only if the benefits of the exception outweighs the increased risks, as determined by the Enterprise Risk Management Office (ERM).

All requests for exceptions to vulnerability remediation requirements must include a plan to mitigate the vulnerabilities within a reasonable timeframe.

How to request

Request service via ServiceNow

Service Level Expectation (SLE)

Vulnerability Remediation Exception

SLEResponsibilities/Dependencies

Fulfillment:  Due to the variable nature of this request item, fulfillment time will differ on a case-to-case basis. SLE will be communicated following the finalization of customer requirements.

Customer

  • Responsible for adhering to the EOTSS Standard Rules of Engagement.
  • Responsible for submitting accurate information to EOTSS during the intake and discovery process.
  • Sharing complete requirements will ensure that accurate SLEs are provided and met.
  • Upon receiving approval from the Enterprise Risk Management Team, customers are responsible for initiating a new request for implementation. The ERM approval document should be attached to the implementation request.

EOTSS

  • Responsible for coordinating discovery meeting(s) with the customer.
  • Once all requirements are collected/finalized following intake and discovery, EOTSS will determine the appropriate SLE for the request and communicate to the customer.
  • Responsible for clarifying specific information regarding Enterprise Information Policies & Standards per the customer’s requirements
  • For approved requests ONLY: Responsible for communicating decision to the customer and providing the exception expiration date.

Contact

Phone
EOTSS End User IT Service Desk Call EOTSS End User and IT Service Support, EOTSS End User IT Service Desk at (844) 435-7629

Support for Commonwealth end users and IT support personnel

Online
ServiceNow Log in to ServiceNow 
Chat with us live! Log in and click "Chat now" 
Send us an email Email EOTSS End User and IT Service Support at MassGov@service-now.com
Learn more about this organization 

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback