Network Audit Findings Report

Audit name:

This label appears in the brief, register, JSON, and document exports.

Audit date:

Use ISO format when possible so due-date pressure is calculated consistently.

Auditor or team:

Use a team name when several reviewers contributed to the audit.

Escalation threshold:

Choose the active finding severity that should trigger escalation in the brief.

Due-soon window:

Use a short window for weekly owner handoffs or a longer window for governance reporting.

days

Findings CSV:

Minimum rows can be severity, area, finding, owner; richer rows add asset, status, due date, evidence, and remediation.

Drop CSV or TXT onto the textarea.

Check audit inputs

{{ error }}

Priority	Severity	Area	Asset	Finding	Owner	Status	Due	Score	Copy
{{ row.priority }}	{{ row.severity }}	{{ row.area }}	{{ row.asset }}	{{ row.finding }}	{{ row.owner }}	{{ row.status }}	{{ row.dueDisplay }}	{{ row.score }}

Priority	Owner	Due state	Finding	Remediation	Evidence gap	Next action	Copy
{{ row.priority }}	{{ row.owner }}	{{ row.dueState }}	{{ row.finding }}	{{ row.remediation }}	{{ row.evidenceGap }}	{{ row.nextAction }}
No active remediation rows are open against the current threshold.

Report signal	Status	Evidence	Recommended wording	Copy
{{ row.signal }}	{{ row.status }}	{{ row.evidence }}	{{ row.wording }}

Export to PDF Fullscreen

Embed:

Customize

Include current inputs

Size

Advanced

Width

Height

Aspect ratio

Max height

Collapsible embed

Allow fullscreen

Referrer policy

Sandbox tokens

Network audit findings need more than a list of issues. A useful report shows which weaknesses matter first, which teams own the remediation work, which due dates are under pressure, and which evidence still needs to be tightened before the report is shared with operations, security, or management.

The same severity label can mean different things in different audit programs, so a findings report should keep severity, affected area, asset, owner, status, due date, evidence, and remediation text together. That context prevents a high-severity item with a clear owner and due date from being treated the same as a high-severity item with no owner, missing evidence, and no remediation sentence.

Network audit findings flowing from CSV rows into severity checks, status checks, an escalation gate, an owner queue, and an audit brief.

Audit reporting is also a handoff problem. A network team may know that an edge firewall rule, a core routing failover gap, or a legacy VLAN exposure needs attention, but the owner needs an action sentence and evidence reference before the item becomes manageable work. A report that separates owner coverage, due-date pressure, and evidence quality makes that handoff easier to review.

The result should not be read as an independent security assessment. It organizes the findings you provide and applies deterministic priority rules to them. The original test scope, evidence quality, risk acceptance process, and remediation validation still decide whether the audit record is complete.

Technical Details:

A network audit finding is a structured observation about a network area, asset, control weakness, owner, and expected correction. Good findings keep evidence close to the recommendation because severity alone does not explain what the owner must change or how the reviewer can confirm closure.

Severity labels in this report use a five-level scale: critical, high, medium, low, and info. The label sets the base priority score, then the report adds pressure for active status, overdue or near-term due dates, missing owner assignment, missing evidence, and missing remediation text. That scoring is a queue sort, not a universal risk model.

Rule Core

The priority score starts with severity and then adds operational pressure. The final score is capped at 130, so several gaps cannot push a row beyond the top scoring range.

Network audit finding score rules
Signal	Points	When It Applies
Critical severity	`100`	Severity text such as `critical`, `crit`, `urgent`, `P0`, `P1`, or `sev1`.
High severity	`75`	Severity text such as `high`, `P2`, `sev2`, or `major`.
Medium severity	`45`	Severity text such as `medium`, `moderate`, `med`, `P3`, or `sev3`.
Low or info severity	`20` or `5`	Low values receive `20`; unknown or informational values fall back to `Info` with `5`.
Active status	`+10`	Status is not normalized to `Closed` or `Accepted`.
Due date pressure	`+18` or `+8`	Overdue rows add `18`; rows due within the selected due-soon window add `8`.
Assignment and evidence gaps	`+8`, `+4`, `+4`	Unassigned owner adds `8`, missing evidence adds `4`, and missing remediation text adds `4`.

Priority labels are derived from the final score. P0 starts at 110, P1 starts at 85, P2 starts at 60, P3 starts at 35, and lower scores become P4. The label is useful for sorting owner work, but it should be checked against the original audit evidence before a remediation date or exception is approved.

Network audit priority score bands
Priority	Score Range	Typical Meaning
`P0`	`110` to `130`	Critical work or a severe row with active pressure, due-date pressure, or ownership gaps.
`P1`	`85` to `109`	High-priority remediation that should stay visible in owner handoff.
`P2`	`60` to `84`	Important finding that may need scheduling, evidence cleanup, or due-date review.
`P3`	`35` to `59`	Moderate or low item that still needs a clear owner and closure evidence.
`P4`	`0` to `34`	Lower-pressure item, informational note, or accepted cleanup row.

The escalation threshold is separate from the priority score. It checks active findings at or above the selected severity gate: Critical only, High or Critical, or Medium or higher. Closed and accepted rows do not trigger the escalation gate, but an overdue row can still remain visible in the remediation queue.

Accepted source rows and main report outputs
Area	Details	Why It Matters
CSV input	Header rows are accepted. The richest shape uses severity, area, asset, finding, owner, status, due, evidence, and remediation columns.	Complete rows create better register, queue, brief, chart, and JSON output.
Headerless input	Four-column rows are treated as severity, area, finding, and owner. Wider headerless rows use positional mapping and show a warning.	Unexpected column order can make owners, assets, or findings land in the wrong place.
`Finding Register`	All parsed rows, sorted by score, with priority, severity, area, asset, finding, owner, status, due date, and score.	Provides the full audit register for review and owner assignment.
`Remediation Queue`	Active rows and overdue rows with owner, due state, evidence gap, remediation, and next action text.	Turns findings into owner-facing remediation work.
`Audit Brief`	Executive position, scope coverage, ownership, due-date pressure, evidence quality, and prepared-by signals.	Gives a concise report narrative for handoff and governance review.
`Severity Area Map`	Severity counts grouped by audit area.	Shows whether pressure is concentrated in one network domain or spread across several areas.

Everyday Use & Decision Guide:

Start with a CSV export from the audit tracker, scanner triage sheet, firewall review, routing review, or remediation workbook. Use Audit name for the site, quarter, change, or control set that the report should name. Use Auditor or team for the group preparing the report, not the team that owns every fix.

Choose Escalation threshold before reading the top badge. High or Critical is a practical first pass for management review because it escalates active severe findings without letting medium cleanup dominate the headline. Use Critical only for a narrower executive signal, or Medium or higher when the review expects a stricter operational gate.

Use ISO-style due dates when possible. The due-state logic compares each due date with Audit date and the selected Due-soon window.
Keep owner names consistent. Network Team, network team, and a person name can all parse, but consistent owner text makes copied queues easier to assign.
Add evidence and remediation text before relying on Audit Brief. Missing evidence or missing remediation appears as an evidence-quality signal and adds score pressure.
Use Normalize CSV after parsing a messy paste. It rewrites the current rows with the full audit finding header so the next pass is easier to inspect.
Read Severity Area Map after the register looks right. The chart is useful only when area names map to real network domains such as edge firewall, core routing, wireless, switching, or operations.

A common misread is treating the priority label as the same thing as business risk. A P0 row may be critical because the severity is high and the owner is missing, while another high-risk business issue may be marked medium in the source CSV. Use the score to order the handoff, then verify the original evidence and risk acceptance notes before closing or escalating.

Selected CSV or TXT files are read by the browser for this report pass. Network audit data can contain internal hosts, rules, screenshots, and owner names, so sanitize pasted rows before sharing copied output, JSON, or a page state with another person.

Step-by-Step Guide:

Build the report from one audit snapshot so the register, queue, brief, chart, and JSON all describe the same finding set.

Enter Audit name, set Audit date, and fill Auditor or team. If either name field is blank, the warning panel tells you to fix it before using the report.
Choose Escalation threshold. The summary badge should later show either escalate or gate clear based on active findings at that severity or higher.
Set Due-soon window from 1 to 120 days. Rows due within that window become Due soon; past dates become Overdue.
Paste audit rows into Findings CSV, drop a CSV or TXT file, choose Browse CSV, or press Load sample. The source badge should show parsed rows rather than No source rows.
If the page says No usable finding rows were parsed from the CSV source., add rows with at least severity, area, finding, and owner. If the header warning appears, add a header row or confirm the positional mapping before trusting the tables.
Open Finding Register first. Check severity, owner, status, due date, and score for the top rows before using any brief wording.
Open Remediation Queue and review Due state, Evidence gap, and Next action. Fix unassigned owners and missing remediation sentences in the source rows when those fields are wrong.
Open Audit Brief for report wording after the register and queue look coherent. Use Severity Area Map and JSON only after the underlying rows have been checked.

A clean finish is a register with explainable priority order, a remediation queue whose owners can act, and a brief whose escalation status matches the audit policy.

Interpreting Results:

Read escalate or gate clear against the selected threshold, not against the total finding count. A large set of low findings can leave the gate clear, while one active critical finding can trigger escalation immediately.

Priority findings in the summary counts critical plus high findings. It does not include medium findings, even when the threshold is set to Medium or higher.
Score is a sorting number. It combines severity with active status, due-date pressure, owner coverage, evidence, and remediation text.
Overdue means the due date is before Audit date. Due soon means the date is inside the selected window.
Evidence missing or Remediation missing means the owner handoff is weaker. Add command output, configuration reference, screenshot note, test result, or action text before final sign-off.
Accepted and Closed rows do not count as active for the escalation gate, but an overdue date can keep a row visible in the remediation queue.

Use the chart as a concentration check. If one audit area dominates the severe rows, verify whether that reflects a real control problem or a source CSV that grouped too many findings under a broad area name.

Worked Examples:

Edge firewall finding triggers escalation

A row with Critical, Edge firewall, FW-EDGE-01, Any-source SSH rule is exposed to the internet, Security Network, Open, 2026-05-12 receives a critical base score and active-status pressure. With Escalation threshold set to High or Critical, the summary shows escalation, Finding Register places the row near the top, and Remediation Queue keeps the owner and next action visible.

Due-soon pressure changes the queue

Set Audit date to 2026-05-06 and Due-soon window to 14 days. A high row due on 2026-05-18 becomes Due soon and gains due-date pressure, while a row due after the window stays Scheduled. The useful result is the Due state column, because it shows which owners need a near-term handoff.

Accepted low item should not dominate the brief

A low finding for missing interface descriptions with status Accepted can still appear in Finding Register, but it does not count as active for the escalation gate. If the row has a due date in the past, it can still appear in Remediation Queue. That is a prompt to verify whether the acceptance is current or the due date is stale.

Headerless paste needs review

A four-column paste such as High,Wireless,Guest WLAN bypasses DNS filtering,Wireless Team parses as severity, area, finding, and owner. A wider paste without headers can map columns differently and show the header warning under Check audit inputs. Add a header row with severity, area, asset, finding, owner, status, due, evidence, and remediation before relying on Audit Brief.

FAQ:

What columns should my CSV include?

Use severity, area, asset, finding, owner, status, due, evidence, and remediation when you have them. The minimum useful row is severity, area, finding, and owner.

Why did the page warn about a missing header?

The parser did not find a header row with severity and finding-style columns. It then maps rows by position, which can be wrong when the source CSV uses a different order.

Does escalation mean the audit failed?

No. Escalation means at least one active finding meets the selected severity threshold. The audit owner still needs to check scope, evidence, risk acceptance, and remediation status.

Why is an overdue accepted row in the remediation queue?

The queue keeps active rows and overdue rows visible. If an accepted row is overdue, confirm whether the exception is still valid or the due date should be updated.

Are browsed CSV files uploaded?

Selected CSV or TXT files are read by the browser for this report pass. Treat copied rows, JSON, and shared page state carefully when findings contain internal network details.

Glossary:

Finding: An audit observation with enough detail for an owner to understand the weakness and expected correction.
Escalation threshold: The selected severity gate used to decide whether active findings should be escalated.
Due-soon window: The number of days after the audit date that marks a scheduled item as near-term work.
Evidence gap: A missing evidence reference, missing remediation sentence, or both.
Remediation queue: The owner-facing list of active or overdue findings sorted by priority score.
Severity Area Map: A chart that groups finding counts by audit area and severity.

References:

NIST SP 800-115, Technical Guide to Information Security Testing and Assessment, National Institute of Standards and Technology, September 2008.
NIST SP 800-30 Revision 1, Guide for Conducting Risk Assessments, National Institute of Standards and Technology, September 2012.
CIS Critical Security Controls Version 8.1, Center for Internet Security.