Suppress External Port Findings
Umbral green Camel
Would like to have the ability to perform a suppression on external scan data for insecure ports identified where mitigating controls or an accepted risk are in place. A key example is VPN port 4433, which is open and by default is insecure. However, the requirement of user credentials, MFA, specified internal group membership, and other measures are in place to help mitigate the business-accepted risk. Without suppression, the asset will negatively impact the risk score for those items with compensating controls.