CVSS-based vulnerability scoring & SLA enforcement (NVD integration)
Yury E.
Problem
Several customers require CVSS-driven remediation SLAs. Today our risk surveys generate scenarios, but we don't natively score/track vulnerabilities against CVSS v3.1 nor enforce time-bound fixes.
Proposal
Add first-class CVSS support so teams can ingest CVEs from scanners, calculate/display scores, and auto-enforce remediation SLAs. This aligns with ISO/IEC 27001:2022 A.8.8 – Management of technical vulnerabilities and strengthens audit evidence.