# Lucidchart Import — Raw Mermaid Code

Lucidchart expects raw Mermaid syntax only — no markdown headings or prose.
Paste each diagram separately: Insert → Diagram as Code → Mermaid → paste → Generate.

---

## DIAGRAM 1 — Host Finding Review Workflow

Paste everything between the triple-backtick fences below:

```
flowchart TD
    START([Open Reporting Page]) --> SYNC

    SYNC["① Sync & Sort<br/>Click Sync · Sort Due Date ascending"]
    SYNC --> DUE{Overdue<br/>findings?}
    DUE -->|Yes — start here| HOST
    DUE -->|No — start with amber| HOST

    HOST["② Identify the Host<br/>Verify IP in IPControl / Infoblox"]
    HOST --> CORRECT{Hostname<br/>correct?}
    CORRECT -->|No| EDIT["Inline-edit Host / DNS cell<br/>Amber dot marks the override"]
    EDIT --> OWN
    CORRECT -->|Yes| OWN

    OWN["③ Identify Asset Ownership<br/>Check BU column"]
    OWN --> BU{Our BU?}
    BU -->|"NTS-AEO-STEAM or ACCESS-ENG"| CVE
    BU -->|"Other BU or blank"| CARD["Add to CARD Queue<br/>checkbox → CARD → Add to Queue"]
    CARD --> CARD2([Process in dedicated CARD session])

    CVE["④ Review CVEs in the Finding<br/>Up to 2 shown · hover badge for more"]
    CVE --> DBCHECK{CVE in<br/>database?}
    DBCHECK -->|No| ADDCVE["Create CVE entry on Home page<br/>NVD auto-fill populates details"]
    ADDCVE --> RESEARCH
    DBCHECK -->|Yes — review existing notes/docs| RESEARCH

    RESEARCH["Research CVE<br/>Vendor advisory · Cisco Bug Search<br/>Juniper PSN · Support ticket"]
    RESEARCH --> ACTION

    ACTION["⑤ Determine Required Action"]
    ACTION --> PATH{What does<br/>research show?}

    PATH -->|"Patch available — FW / SW update"| PA
    PATH -->|"Fix is config change only"| PB
    PATH -->|"Not applicable to platform / version"| PC
    PATH -->|"Cannot patch — vendor / EOL / business"| PD

    PA["PATH A — Remediation<br/>Firmware or Software Upgrade"]
    PA --> PA1["Plan & schedule upgrade<br/>Add note to finding row"]
    PA1 --> PA2(["Finding drops off after<br/>next Ivanti scan ✓"])

    PB["PATH B — Remediation<br/>Configuration Change"]
    PB --> PB1["checkbox → Vendor → Archer<br/>Add to Queue"]
    PB1 --> PB2["Open Archer EXC ticket<br/>in dedicated session"]
    PB2 --> PB3(["Enter EXC-XXXXX<br/>in finding Notes cell ✓"])

    PC["PATH C — False Positive"]
    PC --> PC1["Take device screenshot<br/>Hostname · IP · SW version"]
    PC1 --> PC2["Obtain vendor documentation<br/>advisory / email / support ticket"]
    PC2 --> PC3["Upload evidence to CVE database<br/>Home page → CVE row → Upload"]
    PC3 --> PC4["checkbox → Vendor → FP<br/>Add to Queue"]
    PC4 --> PC5(["Submit FP workflow in Ivanti<br/>in dedicated session ✓"])

    PD["PATH D — Risk Acceptance"]
    PD --> PD1["Take device screenshot<br/>Collect version info"]
    PD1 --> PD2{Vendor comms<br/>needed?}
    PD2 -->|Yes| PD3["Open vendor support ticket<br/>Request patch timeline / mitigations"]
    PD3 --> PD4
    PD2 -->|No| PD4["checkbox → Vendor → Archer<br/>Add to Queue"]
    PD4 --> PD5["Open Archer EXC ticket<br/>in dedicated session"]
    PD5 --> PD6(["Enter EXC-XXXXX<br/>in finding Notes cell ✓"])

    classDef step     fill:#1e3a5f,stroke:#0ea5e9,stroke-width:2px,color:#e2e8f0
    classDef decision fill:#1a2e1a,stroke:#10b981,stroke-width:2px,color:#e2e8f0
    classDef pathA    fill:#14391f,stroke:#10b981,stroke-width:1.5px,color:#e2e8f0
    classDef pathB    fill:#2d1f14,stroke:#f59e0b,stroke-width:1.5px,color:#e2e8f0
    classDef pathC    fill:#2d1414,stroke:#ef4444,stroke-width:1.5px,color:#e2e8f0
    classDef pathD    fill:#1a1430,stroke:#8b5cf6,stroke-width:1.5px,color:#e2e8f0
    classDef card     fill:#1a2e1a,stroke:#10b981,stroke-width:1.5px,color:#e2e8f0
    classDef done     fill:#0f172a,stroke:#475569,stroke-width:1.5px,color:#64748b

    class SYNC,HOST,OWN,CVE,RESEARCH,ACTION step
    class DUE,CORRECT,BU,DBCHECK,PATH decision
    class PA,PA1,PA2 pathA
    class PB,PB1,PB2,PB3 pathB
    class PC,PC1,PC2,PC3,PC4,PC5 pathC
    class PD,PD1,PD2,PD3,PD4,PD5,PD6 pathD
    class CARD,CARD2 card
    class EDIT done
```

---

## DIAGRAM 2 — FP Workflow Badge Status Decision Tree

```
flowchart LR
    A([Finding in Reporting Page]) --> B{"Check Workflow column"}

    B -->|No badge| C["UNTRIAGED<br/>No action on record"]
    C --> C1(["Follow the Step 1-5 triage workflow"])

    B -->|Blue - Requested| D["IN FLIGHT<br/>FP submitted · awaiting approval"]
    D --> D1{"SLA window<br/>approaching?"}
    D1 -->|No| D2(["Monitor — no action yet"])
    D1 -->|Yes| D3(["Follow up with the approver"])

    B -->|Amber - Reworked| E["NEEDS REVISION<br/>Reviewer returned the ticket"]
    E --> E1["Open ticket in Ivanti<br/>Review feedback"]
    E1 --> E2(["Update justification and resubmit"])

    B -->|Amber - Actionable| F["NEEDS RESPONSE<br/>Ticket flagged for team action"]
    F --> F1(["Open ticket in Ivanti<br/>Respond to the request"])

    B -->|Red - Expired| G["EXCEPTION LAPSED<br/>Finding has re-opened"]
    G --> G1(["Submit a new FP request in Ivanti<br/>Reference previous ticket"])

    B -->|Red - Rejected| H["CONFIRMED VULNERABILITY<br/>Security team denied the FP"]
    H --> H1(["Remediate the vulnerability<br/>Do not resubmit FP without new evidence"])

    classDef trigger fill:#0f172a,stroke:#0ea5e9,stroke-width:2px,color:#e2e8f0
    classDef blue    fill:#1e3a5f,stroke:#0ea5e9,stroke-width:1.5px,color:#e2e8f0
    classDef amber   fill:#2d2014,stroke:#f59e0b,stroke-width:1.5px,color:#e2e8f0
    classDef red     fill:#2d1414,stroke:#ef4444,stroke-width:1.5px,color:#e2e8f0
    classDef none    fill:#1a1a2e,stroke:#475569,stroke-width:1.5px,color:#94a3b8
    classDef done    fill:#0f172a,stroke:#334155,stroke-width:1px,color:#64748b

    class A,B trigger
    class D,D1,D2,D3 blue
    class E,E1,E2,F,F1 amber
    class G,G1,H,H1 red
    class C,C1 none
    class D2,D3,E2,F1,G1,H1 done
```

---

## DIAGRAM 3 — Action Decision Matrix

```
flowchart LR
    START(["Research complete — Step 4 done"]) --> Q{"What is the<br/>remediation path?"}

    Q --> R1["Firmware or software update available"]
    R1 --> A1(["No ticket needed<br/>Schedule upgrade · Add note to finding"])

    Q --> R2["Fix is a configuration change only"]
    R2 --> A2(["Archer EXC ticket required<br/>Stage as Archer in Queue"])

    Q --> R3["Not applicable to this platform / version"]
    R3 --> A3(["FP workflow in Ivanti<br/>Evidence in CVE database"])

    Q --> R4["Patch not yet available from vendor"]
    R4 --> A4(["Archer EXC ticket<br/>Renew when patch ships"])

    Q --> R5["Device is EOL / EOS or business constraint"]
    R5 --> A5(["Archer ticket with mitigation steps<br/>and remediation plan"])

    Q --> R6["Asset not owned by our BU"]
    R6 --> A6(["CARD queue — CARD disposition process"])

    classDef q     fill:#1e3a5f,stroke:#0ea5e9,stroke-width:2px,color:#e2e8f0
    classDef green fill:#14391f,stroke:#10b981,stroke-width:1.5px,color:#e2e8f0
    classDef amber fill:#2d2014,stroke:#f59e0b,stroke-width:1.5px,color:#e2e8f0
    classDef red   fill:#2d1414,stroke:#ef4444,stroke-width:1.5px,color:#e2e8f0
    classDef teal  fill:#0f2d2d,stroke:#14b8a6,stroke-width:1.5px,color:#e2e8f0

    class START,Q q
    class R1,A1 green
    class R2,A2,R4,A4,R5,A5 amber
    class R3,A3 red
    class R6,A6 teal
```