Important Update: Community URLs redirect issues are partially resolved. Learn More. .

Showing results for 
Search instead for 
Did you mean: 
Contributor III

FINAL NOTIFICATION FOR END OF PRIMARY SUPPORT (EOPS): Please be advised that this Platform version is no longer supported. Once a product reaches EOPS, RSA Archer Technical Support is no longer available under base support/maintenance agreements.


Extended Support is being offered only for Platform versions 5.5 through 5.5 SP4 through December 31, 2018, to those customers with a current maintenance contract as a prerequisite to an Extended Support purchase. Extended Support does not include Hot Fixes, best effort support only. For questions, please refer to the Product Version Life Cycle.


Contact your local Existing Accounts Manager with assistance in upgrading to a supported 6.x version. Thank you.






2016_RSA Archer GRC for light backgrounds.png

RSA Vulnerability Risk Management (VRM) takes a Big Data approach to helping security teams identify and prioritize high-risk threats.  Built on the RSA Archer platform, VRM helps organizations proactively manage IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows.


The Vulnerability Analytics investigative interface allows IT security analysts to get alerts, explore results, and analyze issues as they arise.  A powerful and flexible rules engine highlights new threats, overdue issues, and changing business needs. For business and IT managers, VRM’s management module integrates VRM analytics with reporting, workflows, and a risk-management framework to enable data-driven security decisions.


Using VRM, an organization can effectively manage the entire vulnerability lifecycle, from detection and reporting through remediation and verification.


Key capabilities of VRM include:

  • Leveraging Big Data analytics to aggregate, standardize, and analyze massive amounts of IT security data
  • Creating and maintaining an accurate asset catalog
  • Prioritizing and classifying issues based on business context, threat intelligence, and vulnerability-scan results
  • Tracking issues over the entire lifecycle – detection, remediation, and verification
  • Managing issues, exception requests, and remediation workflows
  • Assigning, measuring, and reporting on vulnerability program KPIs



RSA VRM supports out-of-the-box integrations with:

  • McAfee Vulnerability Manager
  • QualysGuard Vulnerability Manager
  • Rapid7
  • Tenable Nessus
  • Tenable Security Center


RSA Vulnerability Risk Management Version 1.2 is the latest release and contains resolution of many customer reported issues, and provides improvements in usability, workflow, and reliability.


RSA VRM 1.2 is certified with:

  • RSA Archer GRC Platform 5.5 SP3 and 6.0
  • RSA Analytics Warehouse 10.3 SP4 and 10.4 SP




New license is required for RSA VRM solution.  If you have questions or require additional information about licensing, please contact RSA Archer at or call 1-888-539-EGRCpastedImage_1.png.



Login to RSA SecurCare Online ( for available software packages.



Updated RSA VRM 1.2 Documents include:

  • RSA_Vulnerability_Risk_Management_1.2_Installation_and_Configuration_Guide.pdf
  • RSA_Vulnerability_Risk_Management_1.2_Backup_and_Recovery_Guide.pdf
  • RSA_Vulnerability_Risk_Management_1.2_Upgrade_Guide.pdf
  • RSA_Vulnerability_Risk_Management_1.2_Release_Notes.pdf


RSA VRM 1.2 Documents that required No Updates include:

  • RSA_Vulnerability_Risk_Management_1.1_SP1_Practitioner_Guide.pdf
  • RSA Vulnerability Risk Management v1 1 SP1 - ACME Corp Use Case Study.pdf
  • RSA-Vulnerability-Risk-Management-Datasheet.pdf