The IT Law Wiki

Definitions

General

Remediation is

[t]he act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application.[1]
the process that an end-user goes through to clean up a botted computer so that it is no longer infected. In easy cases this may involve installing and running an anti-virus product. In more difficult cases, remediation may involve more substantial intervention up to "nuking and paving" the system — formatting it and reinstalling it from scratch, or at least from the last known-clean backup. Once the system is clean, or has been reinstalled, it will then normally be hardened to protect it from reinfection.[2]

Medical device

Remediation is

any action(s) taken to reduce the risk to the medical device's essential clinical performance to an acceptable level. Remediation actions may include complete solutions that remove a cybersecurity vulnerability from a medical device (sometimes known as an official fix) or compensating controls that adequately mitigate the risk (e.g., a notification to the customer base and user community identifying a temporary fix or work-around). An example of remediation is a notification to the customer base and user community that discloses the vulnerability and its potential impact to essential clinical performance and provides a strategy to reduce the risk to the marketed device's essential clinical performance to an acceptable level. If the customer notification does not provide a strategy to reduce the risk to the marketed device's essential clinical performance to an acceptable level, then the remediation is considered incomplete.[3]
