Overview
This article explains how to create a mitigation plan in Cye Exposure Management Platform and start assigning findings to it. You'll learn how to define a plan, add findings, and use different views to monitor and adjust your progress.
If you haven’t created a mitigation plan before, this is where you start. You'll need an existing finding to assign — or create a plan first and add findings later.
When to Create a Mitigation Plan
You can create mitigation plans for different use cases, depending on how you want to manage risk. For example:
By team (e.g., a separate plan for the network team)
By severity (e.g., critical or high findings only)
By target exposure (e.g., to reach a specific exposure reduction goal)
Steps to Create a Mitigation Plan
In the left navigation bar, go to Assessments → Mitigation plans.
Click + Mitigation plan in the top-left corner.
In the Plan name field, enter a name for your new plan:
In the Time frame field, set the Start date and End date for when you'd like to complete the mitigation.
Tip: A three-month period is common, but you can continue working on the plan even after the end date.Click Create plan. You’ll see a confirmation that your plan was created successfully, and it will appear in the Plans list.
Adding Findings to a Plan
Once the plan is created, you’ll be prompted to start adding findings.
Option 1: From the Findings List
Click Go to findings list or go to Operations → Findings in the left navigation bar:
Click the ⋮ (three-dot icon) next to a finding.
Select Add to mitigation plan.
If the finding is already in a plan, you’ll see options to Remove from mitigation plan or Move to another mitigation plan.
In the Plan name dropdown, select the plan you just created:
Click Add.
Now, this finding — and all of its remediation assets — appear in your plan:
Option 2: From the Org. Attack Graph
You can also create a plan directly from the Mitigation Planner and add findings there. See: [Creating a Plan from the Planner]
Reviewing Plan Details
Expand any plan in the Plans list to view its findings.
Expand individual findings to see associated remediation assets.
Plan Details in the Right Pane
Overview tab – Basic info about the plan.
History tab – Tracks who made changes and when:
Important notes
Each finding can only belong to one plan at a time.
You must have at least one plan created before you can add a finding to it.
If you're organizing by team, severity, or risk reduction goals, it's best to define those upfront.
Wrap-up / Next Steps
Creating a plan is the first step in getting organized about remediation. Whether you're slicing by team or by risk level, the Cye platform provides the controls to track and manage every step along the way.
Once you’ve built a plan, the next move is understanding what kind of impact it’s going to have.