Effective vulnerability management requires strict access control and clearly delineated responsibilities. The CVD Portal implements a Role-Based Access Control (RBAC) system designed to align with the Cyber Resilience Act (CRA) requirements for data minimization and secure handling of sensitive vulnerability information. By assigning roles to your team members, you ensure that each individual has access only to the data necessary for their function.
The portal provides several predefined roles: Administrators, Triage Coordinators, Technical Assessors, and Compliance Officers. Administrators have global access to portal settings and user management. Triage Coordinators are the first line of defense, responsible for initial intake, validation, and communication with external researchers. Technical Assessors are granted access to specific vulnerability details required to reproduce and patch the issue, while Compliance Officers have read-only access to audit logs and SLA metrics to ensure regulatory adherence.
Custom roles can also be configured to meet the unique structural needs of your organization. Every action performed within the portal, regardless of the assigned role, is immutably logged to provide a comprehensive audit trail. This level of granular control and accountability is vital for demonstrating compliance during regulatory audits and maintaining the confidentiality of unpatched vulnerabilities.
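The following is an added illustration of the model described above, not the CVD Portal's own code: a permission matrix for the four predefined roles, per-vulnerability scoping for Technical Assessors, and a hash-chained audit log in which every access decision is recorded and tampering with an earlier entry is detectable. Resource names, actions, user names and vulnerability identifiers are constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import hashlib
import json

# Permission matrix for the four predefined roles; "*" grants every action on a resource.
# Resource and action names are constructed for this illustration.
PERMISSIONS = {
    "administrator": {("settings", "*"), ("users", "*"), ("vulnerability", "*"), ("audit_log", "read")},
    "triage_coordinator": {("report", "intake"), ("report", "validate"), ("researcher", "message")},
    "technical_assessor": {("vulnerability", "read_details")},
    "compliance_officer": {("audit_log", "read"), ("sla_metrics", "read")},
}

# Technical Assessors only see the vulnerabilities explicitly assigned to them (constructed data).
ASSIGNMENTS = {"alice": {"VULN-001"}}


@dataclass
class AuditLog:
    """Append-only log; each entry commits to its predecessor through a SHA-256 hash chain."""
    entries: list = field(default_factory=list)
    last_hash: str = "0" * 64

    def append(self, entry: dict) -> str:
        entry = {**entry, "prev": self.last_hash, "ts": datetime.now(timezone.utc).isoformat()}
        self.last_hash = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.entries.append(entry)
        return self.last_hash

    def verify(self) -> bool:
        """Recompute the chain; any edited or removed entry breaks a later 'prev' link."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev:
                return False
            prev = hashlib.sha256(json.dumps(e, sort_keys=True).encode()).hexdigest()
        return prev == self.last_hash


def allowed(role: str, resource: str, action: str) -> bool:
    perms = PERMISSIONS.get(role, set())
    return (resource, action) in perms or (resource, "*") in perms


def authorize(log: AuditLog, user: str, role: str, resource: str, action: str, vuln_id=None) -> bool:
    """Decide access (deny by default), scope assessors to assigned vulnerabilities, log every decision."""
    ok = allowed(role, resource, action)
    if ok and role == "technical_assessor" and vuln_id not in ASSIGNMENTS.get(user, set()):
        ok = False
    log.append({"user": user, "role": role, "resource": resource,
                "action": action, "vuln": vuln_id, "allowed": ok})
    return ok
```

Denied requests are logged alongside granted ones, which is what an auditor needs to see that least privilege is actually enforced rather than merely configured.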