OverWatch - Update Severity definition

1. Very High
   • Critical updates that demand immediate attention due to severe security risks or breaking changes, including:
     • New or updated threat with a CVSS of “Very High”
     • New control with a CVSS-weighted priority of “Very High”
     • Updated control with a CVSS-weighted priority of “Very High”
     • Security Bulletin on a CVE with “Critical” CVSS
2. High
   • Significant updates that may introduce security risks or operational disruptions, including:
     • New or updated threat with a CVSS of “High”
     • Review a threat with a CVSS of “Very High”
     • New control with a CVSS-weighted priority of “High”
     • Updated control with a CVSS-weighted priority of “High”
     • Review a control with a CVSS-weighted priority of “Very High”
     • Security Bulletin on a CVE with “High” CVSS
3. Medium
   • Updates that introduce moderate security or operational concerns, including:
     • New threat with a CVSS of “Medium” or below
     • Updated threat with a CVSS of “Medium”
     • Review a threat with a CVSS of “High”
     • New control with a CVSS-weighted priority of “Medium” or “Low”
     • Updated control with a CVSS-weighted priority of “Medium”
     • Review a control with a CVSS-weighted priority of “High”
     • Security Bulletin on a CVE with “Medium” CVSS or below
4. Low
   • Minor updates with minimal security or operational impact, including:
     • Updated threat with a CVSS of “Low”
     • Review a threat with a CVSS of “Medium” or “Low”
     • New control with a CVSS-weighted priority of “Very Low”
     • Updated control with a CVSS-weighted priority of “Low” or below
     • Review a control with a CVSS-weighted priority of “Medium”, “Low”, or “Very Low”,
     • Change in the DFD
5. Info
   • General informational updates that do not pose security risks, including:
     • Grammatical changes
     • No change
6. On request
   • Updates covered only if requested by customers