TOP Mission VSD-H03: Vulnerability Remediation Tracking
Building a remediation tracking system that assigns ownership, enforces SLAs, and reports on vulnerability closure rates.
This mission is part of CDA's Theater of Operations Playbook (TOP), which organizes security work into structured, executable missions with clear objectives and measurable outcomes.
Organizations that neglect this area face increased risk of security incidents, compliance failures, and operational disruption. This mission addresses a specific gap in many security programs where reactive approaches leave organizations exposed to preventable threats.
Consistent execution of this mission produces measurable improvements in security posture and demonstrates due diligence to regulators, customers, and partners.
Before beginning this mission, ensure you have: executive sponsorship for the initiative, identified stakeholders and resource owners, baseline data about your current state, appropriate tooling or a plan to acquire it, and defined success criteria.
Step 1: Assessment. Evaluate your current capabilities against the mission objectives. Identify gaps, quantify risk, and document the current state as a baseline for measuring progress.
Step 2: Planning. Develop an execution plan with specific milestones, resource allocation, and timelines. Identify dependencies on other missions or organizational initiatives.
Step 3: Implementation. Execute the plan in phases, starting with the highest-risk gaps. Document configurations, decisions, and exceptions. Follow change management procedures.
Step 4: Validation. Verify that implemented controls function as designed. Test with realistic scenarios. Validate that metrics show improvement.
Step 5: Operationalization. Transition from project mode to operational mode. Define ongoing responsibilities, monitoring processes, and review cadences.
The most frequent failure mode is implementing a control without the operational processes to sustain it. A tool without staff trained to use it, an automated scan without someone reviewing results, or a policy without enforcement mechanisms all represent incomplete execution.
Another common mistake is failing to measure a baseline before implementation. Without a starting point, you cannot demonstrate improvement to stakeholders.
Scope creep derails missions when teams try to solve adjacent problems simultaneously. Stay focused on the defined mission objectives and address related needs through separate missions.
Define both leading indicators (activities that predict outcomes) and lagging indicators (outcomes that measure past performance). Report metrics in terms that resonate with your audience: technical metrics for security teams, risk metrics for management, compliance metrics for auditors.
Track: current state vs. target state, time to achieve milestones, resource utilization, blockers and dependencies, and risk reduction achieved.
This mission maps to a specific domain within the Planetary Defense Model, connecting individual security activities to the broader organizational defense strategy. Progress feeds into campaign-level metrics that inform strategic priorities.
The Theater of Operations Playbook ensures this mission is executed with the same rigor and documentation as every other security initiative, enabling consistent improvement across the entire program.
Written by CDA Wiki Team