
Difference between FN and PSIRT

RahmaSallm
Level 1

Can someone please explain in plain English the exact difference between a Field Notice, a Product Security Incident Response and a Security Advisor? What is the problem that each of these explains, and which is higher risk?

Also, what is meant by "potentially vulnerable" that I see in some FNs? I understand that vulnerable means that a specific image is affected and critical means serious consequences if not upgraded to a fixed version. But I'm not sure that I understand exactly the risks associated with "potentially vulnerable".

1 Reply

Eric R.
Cisco Employee

In short, a Security Advisory is a type of publication issued by Cisco about specific vulnerabilities, while PSIRT is the team that manages these advisories and the overall response to product security incidents. On the other hand, a Field Notice is a communication from Cisco about significant but not necessarily security-related issues in their products, often requiring user action such as an upgrade or workaround.

Security Advisory 

This is a specific document that provides detailed information about security issues directly involving Cisco products and cloud-hosted services. It usually requires customer action like an upgrade or a fix and discloses vulnerabilities with a Critical, High, or Medium SIR (Security Impact Rating). This is typically the highest risk category, as it deals with direct security vulnerabilities. Reference: Security Vulnerability Policy 

Field Notice

When Cisco identifies a product issue, they conduct a thorough analysis and assess any necessary corrective actions. If the issue requires urgent user intervention, Cisco develops and publishes a Field Notice. These notices are key communications to customers, highlighting significant issues in Cisco products that may not stem directly from software defects. These issues typically require user actions like upgrades or workarounds. Field Notices serve as a proactive measure by ensuring that customers are well-informed and can maintain the functionality and performance of their products. Reference: Field Notice Overview

PSIRT (Product Security Incident Response Team)

This refers to Cisco's Product Security Incident Response Team (PSIRT) itself, not a document. The PSIRT is responsible for validating the affected and fixed version information documented in a Security Advisory. Essentially, it's the team that manages the response to security vulnerabilities in Cisco products, which includes issuing Security Advisories. Reference: Security Vulnerability Policy 

In terms of risk hierarchy, Security Advisories typically deal with the highest level of risk as they address direct security vulnerabilities. Field Notices, while important, may not always pertain to direct security threats but are vital for the overall functioning and reliability of Cisco products. The PSIRT oversees and manages these advisories and incident responses, playing a crucial role in maintaining Cisco's security posture.

 

What does it mean when a device is labeled as "Potentially Vulnerable"?

  • When Cisco, or your security appliance, labels a device as "potentially vulnerable" in a Field Notice or Security Advisory, it indicates a need for further validation by the user. This designation is used for various reasons. The reason they're marked "potentially vulnerable" could be for many different reasons. One reason could be that these devices may belong to a similar family or category of products that are vulnerable and still under investigation and need to be watched until more data is gathered. Another common scenario occurs when the Field Notice includes a workaround of fairly common commands or features that mitigate the impact. In such cases, either the security appliance cannot automatically confirm the device's status, or it requires manual verification by the user through CLI or GUI. This status acts as a caution, prompting users to personally inspect their devices, particularly if they feature unique or specific configurations that might not be automatically verifiable.

 

Some additional terms...

Caveat

  • Warnings or cautions in Cisco documents that provide information about limitations in functionality, or about a bug that has been discovered in a specific software release. While a bug is a defect, a caveat is more of a notification about the bug or any limitation.

Bug

  • Software or firmware defect that has been identified in a Cisco product. These can range from minor issues, merely cosmetic or little to no impact, all the way to critical defects that might make a device unusable. Bugs have a severity level that indicates the priority of the defect, usually defined by Development managers.

Let me know if you need additional clarification @RahmaSallm 

All I did was turn it off and back on. Now here I am.