After vulnerabilities are identified in internal scans, what should be done?

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!

Multiple Choice

After vulnerabilities are identified in internal scans, what should be done?

Explanation:
When vulnerabilities are found, you don’t stop at fixing some of them; you remediate the issues and then run rescans to confirm that the fixes actually closed the problems, especially the high-risk ones. This verification step is essential to prove to auditors and your security program that the environment is secure and remains in compliance. Delaying remediation, waiting for a future quarter, or ignoring vulnerabilities because they seem low risk leaves exposure and undermines the vulnerability management process. By addressing the findings and performing rescans, you ensure that remediation was effective and that high-risk vulnerabilities are resolved before the next assessment.

