Suppressions

Last updated: December 23, 2025

Suppressions in Cyrisma provide a controlled way to acknowledge and temporarily accept identified risk without performing remediation. Suppression is not a form of patching or mitigation. Instead, it represents a deliberate risk acceptance decision that removes findings from future scan results for a defined period.

This article explains how suppressions work, where they apply, and how they differ from mitigation and remediation workflows.


What Suppression Is (and Is Not)

Suppression is:

  • A temporary exclusion of specific findings from scan results

  • A way to manage known, accepted, or compensating-risk scenarios

  • Time-bound and reviewable

Suppression is not:

  • Remediation or fixing an issue

  • Automatic risk reduction

  • A replacement for patching or mitigation plans

Suppressions do not change system state. They only affect how findings are reported.


Types of Suppressions

Cyrisma supports two primary suppression categories, aligned to scan types.

Vulnerability Suppressions

Vulnerability suppressions can apply to:

  • CVEs

  • Open ports

  • Regulatory or compliance-related findings detected during vulnerability scans

These suppressions prevent the specified findings from appearing in future vulnerability scan results for the suppression duration.

Secure Baseline Suppressions

Secure Baseline suppressions apply to:

  • Individual configuration benchmarks

  • Policy or hardening controls within a secure baseline

These suppressions prevent the benchmark from appearing as non-compliant in future baseline scans.


Local vs Global Suppressions

Suppressions can be applied at two scopes.

Local suppressions:

  • Apply to a single host or target

  • Used when a finding is acceptable only on a specific system

  • Common for legacy systems or specialized workloads

Global suppressions:

  • Apply across all hosts within an instance

  • Used when a finding is intentionally accepted environment-wide

  • Reduce repetitive remediation or mitigation effort

Scope selection should reflect the true risk acceptance boundary.


How Suppressions Are Created

Suppressions can be created in two contexts.

From scan results:

  • Findings can be suppressed directly from scan history

  • This immediately excludes the item from future scans

From mitigation plans:

  • Suppression can be selected as an action when working within a mitigation plan

  • This documents risk acceptance as part of the mitigation workflow

Both methods result in the same suppression behavior.


Suppression Duration and Expiration

Suppressions are always time-bound.

The suppression duration is configured at the system level and applies to all suppressions within the instance.

Available durations:

  • 30 days

  • 60 days

  • 90 days

Once the suppression expires:

  • The finding reappears in future scans if still present

  • The item becomes eligible again for mitigation plans or remediation

This ensures suppressions are reviewed regularly and do not become permanent risk blind spots.


Impact on Scans and Mitigation Plans

Suppressed items:

  • Do not appear in future scan results while active

  • Are not included in new mitigation plans

  • Do not generate new mitigation workload

Existing mitigation plans:

  • Are not retroactively updated

  • Remain based on the original scan snapshot

If a suppression expires and the issue still exists, it will re-enter the remediation and mitigation workflow through new scans.
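The reporting rules in this section and in Local vs Global Suppressions can be captured in a few lines. The following Python is an added example, not Cyrisma's own code or data model: it assumes a hypothetical `Finding`/`Suppression` model in which a suppression with no host is global and one with a host is local, and it uses constructed host names and a placeholder CVE id. A finding is hidden only while a matching suppression is still inside the instance-wide duration; nothing about the host changes, so once the suppression lapses the finding is reported again.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Hypothetical model of the suppression behaviour described on the page.
# This is an illustration, not Cyrisma's code or schema.


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str    # "cve" or "port" (vulnerability scan), "benchmark" (secure baseline)
    ident: str   # e.g. a CVE id, "tcp/23", or a benchmark name


@dataclass(frozen=True)
class Suppression:
    kind: str
    ident: str
    created: date
    host: Optional[str] = None  # None = global (all hosts); a host name = local


def expires_on(s: Suppression, duration_days: int) -> date:
    """The instance-wide duration (30, 60 or 90 days) fixes every suppression's expiry."""
    return s.created + timedelta(days=duration_days)


def is_active(s: Suppression, today: date, duration_days: int) -> bool:
    return today < expires_on(s, duration_days)


def matches(s: Suppression, f: Finding) -> bool:
    """Scope check: a global suppression matches any host, a local one only its own."""
    if s.kind != f.kind or s.ident != f.ident:
        return False
    return s.host is None or s.host == f.host


def apply_suppressions(findings, suppressions, today, duration_days):
    """Split a scan's raw findings into reported and hidden lists.

    Suppression only affects reporting: an expired suppression simply stops
    matching, so a finding that still exists on the host reappears.
    """
    reported, hidden = [], []
    for f in findings:
        if any(is_active(s, today, duration_days) and matches(s, f) for s in suppressions):
            hidden.append(f)
        else:
            reported.append(f)
    return reported, hidden


# Constructed sample data; host names and the CVE id are placeholders.
FINDINGS = [
    Finding("web-01", "cve", "CVE-0000-0001"),
    Finding("web-02", "cve", "CVE-0000-0001"),
    Finding("legacy-01", "port", "tcp/23"),
    Finding("web-01", "port", "tcp/23"),
    Finding("legacy-01", "benchmark", "password-complexity"),
]

SUPPRESSIONS = [
    # Global: the CVE is accepted environment-wide, created 2025-10-01.
    Suppression("cve", "CVE-0000-0001", date(2025, 10, 1)),
    # Local: telnet accepted only on the legacy host, created 2025-11-20.
    Suppression("port", "tcp/23", date(2025, 11, 20), host="legacy-01"),
]


def reported_idents(today: date, duration_days: int = 90) -> list:
    """Return 'host:ident' for every finding that a scan on `today` would report."""
    reported, _ = apply_suppressions(FINDINGS, SUPPRESSIONS, today, duration_days)
    return [f"{f.host}:{f.ident}" for f in reported]


if __name__ == "__main__":
    for day in (date(2025, 12, 1), date(2026, 1, 15)):
        print(day, reported_idents(day))
```

With a 90-day duration, a scan on 2025-12-01 reports only the telnet port on `web-01` (the local suppression does not reach it) and the unsuppressed benchmark; by 2026-01-15 the global CVE suppression has lapsed, so the CVE is reported again on both hosts while the later local suppression is still in force. Shortening the instance-wide duration to 30 days moves every expiry at once, which is why the page stresses that the setting applies to all suppressions.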


Suppression vs Mitigation vs Patching

Each represents a distinct decision path.

Suppression:

  • Accepts risk temporarily

  • Does not change system configuration

  • Requires periodic review

Mitigation plans:

  • Track and document actions taken against scan findings

  • Are static and scan-based

  • Do not auto-update after remediation

Patching and remediation:

  • Change system state

  • Address root causes directly

  • Require re-scanning to reflect improvement

Understanding these differences prevents misuse and ensures accurate risk reporting.


Summary

Suppressions in Cyrisma provide a structured, time-bound way to accept risk without remediation. By clearly separating suppression from patching and mitigation, Cyrisma ensures that risk acceptance remains intentional, visible, and reviewable rather than implicit or permanent.