### *5.2.1 Standardizing the actual risk vulnerability and remediation language*

The *vulnerability* column summarizes an identified system, data communication, or application weakness. The *vulnerability description* column gives a community-agreed description of the weakness. The *remediation* column briefly explains known techniques to remediate or mitigate the identified vulnerability.

### *5.2.2 Standardizing the actual risk likelihood and impact language*

The *likelihood* column provides standardized language for estimating the probability that the identified vulnerability is exploited, given different threats. Currently, every organization makes its own likelihood estimates. Organizations on different "sides of the physical street", with identical systems and surrounding mitigating controls, can label the risk likelihood entirely differently. The *impact* category approximates the potential consequence levels in the event that a vulnerability or finding is realized.
