Test Output & Reporting
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- From raw output to a validated, risk-ranked finding
- The remediation lifecycle: report, track, retest, or accept
- Ethical and responsible disclosure
- Exam-pattern recognition
Reading a test result: the four outcomes
| Outcome | Tool says | Reality | Risk of trusting it |
|---|---|---|---|
| True positive | Vulnerability present | Vulnerability is present | None, a real finding to remediate |
| False positive | Vulnerability present | No vulnerability | Wasted remediation effort; erodes trust in the report |
| False negative | Nothing wrong | Vulnerability is present | Highest, a real exposure ships unreported and unfixed |
| True negative | Nothing wrong | No vulnerability | None, correctly clean |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- NIST SP 800-115, Technical Guide to Information Security Testing and Assessment Whitepaper
- NIST Computer Security Resource Center, Glossary: CVSS (Common Vulnerability Scoring System) Whitepaper
- NIST SP 800-53A Rev 5, Assessing Security and Privacy Controls in Information Systems and Organizations Whitepaper
- NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations Whitepaper
- FIPS 200, Minimum Security Requirements for Federal Information and Information Systems Whitepaper
- NIST SP 800-216, Recommendations for Federal Vulnerability Disclosure Guidelines Whitepaper