cisagov / cyhy-system

Cyber Hygiene system and overall documentation/issue tracking
Creative Commons Zero v1.0 Universal

Update VS Report Body with Stakeholder Feedback #91

Open KeithBonesJr opened 1 year ago

KeithBonesJr commented 1 year ago

💡 Summary

Please update the vulnerability scanning report to add clarification as requested by the stakeholder. Please add instructions on accessing embedded attachments. Please update the report card to include the last time the scope was updated/changed.

Motivation and context

In support of voice of customer feedback. We were requested to provide additional clarification on the difference between host address owned and host address scanned, add additional instructions on accessing embedded attachments, and last time the scope was changed.

Implementation notes

My recommendation is that we rename "Host Address Owned" to "Assets Owned" and remove "Host Address Scanned" as this number is not of value to the stakeholder. Replace "Host Address Scanned" with the date when the stakeholder's scope was last updated. This will also fit once we incorporate domain and potentially IPv6 addresses later on down the road.

Also update the report card sentence to say "Host scan on all assets" instead.

Before Update

image

After Update

image

Add the following language to Appendix G:

If your PDF viewer supports embedded attachments you will see paperclip icons below for each attached file which includes additional report details. To access the attachments embedded within the report, open the report with a dedicated PDF reader (such as Adobe Acrobat), and click on the paper clip icon to the left of the attachment name.

Before Update

image

After Update

image

Add host scan and vulnerability scan to glossary

Additions highlighted in yellow below:

image

image

image

Acceptance criteria

KeithBonesJr commented 1 year ago

Currently working on updating the issue requirements.

KeithBonesJr commented 1 year ago

@cfx47 can you come up with a FAQ or way to capture the difference between the two so we can update the requirements?

KeithBonesJr commented 1 year ago

Hey @dav3r, can you transfer this to the cyhy-reports repository, since I do not have the ability to do so?

dav3r commented 1 year ago

@KeithBonesJr I can move this issue if you want, though as we discussed earlier, one of the items in this issue ("last scope update") will require changes to cisagov/cyhy-core, as well as cisagov/cyhy-reports.

Is there a particular reason you want to move this issue to cisagov/cyhy-reports? It's fine with me if this issue remains in this repo, but if you have a reason to move it, I'm interested in hearing it.

KeithBonesJr commented 1 year ago

No @dav3r we can keep it as is. I completely forgot about the mention of cyhy-core. We can keep it as is.

KeithBonesJr commented 1 year ago

@jeffkause I updated the requirements to show what has been completed. How do you want to proceed with the last requirement?