FRD-FPV (formerly FRD-ALL-29)
False Positive Vulnerability
Definition
A detected vulnerability that is not actually present in an exploitable state in the information resource; this includes situations where vulnerable software or code exists on a machine-based information resource but is not loaded, running, or otherwise in the operating state required for exploitation.
Note
This only applies if the vulnerability is not and was not present; a remediated vulnerability or a fully mitigated vulnerability cannot also be a false positive vulnerability.
Also Referred To As
false positive vulnerability; false positive vulnerabilities
Used in FedRAMP KSI Requirements
This term appears in FedRAMP Key Security Indicator statements. Understanding its precise definition is critical for accurate self-assessment.