CyberStrong February Product Update

The team at CyberSaint is thrilled to announce the latest additions and updates to the CyberStrong solution. To start, we’re expanding Phase 1 of Asset Management with custom types and attributes. Additionally, we’ve added status updates, schedule, and pause for Continuous Control Automation (CCA) and included the ability to adjust the control weight by risk template or scenario. 

The blog below provides more details about the latest updates to CyberStrong. 

CyberStrong Compliance Hub 

Custom Asset Groups Types and Attributes

To support CCA assets and expand Phase 1 of Asset Management, CyberStrong clients needed a way to define custom asset types and custom asset attributes. Phase 1 of Asset Management only supported preset asset types and four attributes:

• Confidentiality
• Integrity
• Availability
• Business Impact 

Now, we’ve updated Asset Management to support custom Asset Types and custom Asset Attributes. Attributes are shared across all Asset Types. Therefore, an Attribute must be defined before it can be added to an Asset Type. Attributes support the following value types:

• Text: A text field
• Numeric: A number field
• List: A list of values

When creating or editing an Asset Type, you can select which Attributes are associated.

When viewing an Asset, Attributes are visible from the Info tab and the Attribute tab.

Note: Future Asset Management releases will allow you to select which Attributes are “Required” by Asset Type and allow you to “Favorite” Attributes for view on the Asset Group Summary tab.

Continuous Control Automation Integration Status

CyberStrong clients can now track the status of their CCA assessment. They can track whether the assessment is running, failed, and the last run date. 

Now, users can view the status of each Integration Authentication. For each properly configured Integration Authentication, the following will be displayed:

• Status = Scheduled/Paused
• Last Run = Date/Time
• Result = Success/Failed

Continuous Control Automation Schedule and Pause

Previously, CyberStrong users couldn’t schedule and/or pause CCA.

Now, clients can schedule the automation with the ability to pause those schedules. This update supports the ability to: 

• Add “Schedule“ and “Pause“ actions to Assessments. 
• Schedule the frequency of CCA assessments
• Pause CCA assessments

CyberStrong Risk Hub

Control Weight by Risk Scenario

Clients needed a way to adjust the control weight by risk template or scenario. For example, controls that mitigate an availability risk may have different weights than controls that mitigate a confidentiality risk. Therefore, clients want to account for these differences.

Now, CyberStrong users can adjust control weights by risk template or scenario. By default, these weights are set globally by Control Type (Prevention, Detection, Response). 

This new feature allows the following:

• When associating controls to a risk template or scenario, expose the control weight for each control. 
  By default, the global control weights are set.
• Allow the control weight for each control to be changed.
• Use the updated control weight(s) when calculating residual risk for the associated risk.

Note: This function only supports NIST 800-30 risk assessments. The Control Weight cannot exceed 99% for any control, including controls with multiple Control Types. Additionally, if Control Types(s) are not assigned to a control, the default weight value is 0, which can be overwritten.