The team at CyberSaint is thrilled to announce the latest additions and updates made to the CyberStrong solution. These latest updates will empower you to benchmark your organization’s maturity against industry standards, compare changes in FAIR-based assessments, customize heat maps, and upload and centralize control evidence for easy visibility and accessibility.
Additionally, we’ve updated custom reporting templates and improved industry risk settings that allow users to select primary and secondary industries. This update includes initial steps to improve multi-tenancy with more flexibility and less complexity.
Discover details about the latest changes to CyberStrong below:
Previously, the industry risk settings only supported the first two digits of the NAICS codes. That level is too broad for most industries to get more specific risks. Now, CyberStrong users can select more focused results with access to the third digit of the NAICS code via a secondary industry filter. This is an optional field that clients can use to select their primary and secondary industries.
Note: Some primary industries do not have secondary industries; therefore, the secondary industry is the same as the primary industry.
Even with the ability to automatically reevaluate risks in the CyberStrong platform, users could not compare the changes in FAIR risks. Users could track and monitor the changes for NIST 800-30 risks but not for FAIR.
In this latest update, we have added pre (Inherent) and post (Residual) risk curves to the FAIR risk register. These updated curves track the changes from the original Inherent and subsequent Residual settings based on the control state. This will empower users to compare and monitor risk changes over time.
The CyberStrong platform has leveraged industry risk benchmarking data to enhance risk evaluations, but the data was not displayed anywhere within the solution, and customers wanted a way to compare their maturity to the industry benchmark.
Now, the benchmarking data is visible in multiple locations based on your user settings. You can find the data in the Executive Dashboard, the NIST CSF Maturity graph, and the Home Tab in the NIST CSF Function spider chart.
Note: The NIST CSF Category spider chart is not included in this update but will be in the future.
Previously, the CyberStrong heat maps supported three sizes: 3x3, 4x4, and 5x5. However, considering industry updates and risk measurement changes, like the Security Control Framework (SCF), certain frameworks require 6x6 heat maps. The new heat maps also include more options for color customization.
In this release, we included a 6x6 heat map and now support all variations from 3x3 to 6x6, including NxM, where N and M are both sizes between 3 and 6. This update allows customers and partners to flexibly create 3x5, 4x6, 5x4, etc. heat maps.
Previously, once a custom Word report template was added to your CyberStrong environment, it could not be deleted. Customers and partners needed a way to remove older templates or templates with errors.
We have now included the ability to delete incorrect or old Word report templates for users and partners.
Before this update, we only allowed evidence to be added via an external link to another document repository. Customers and partners needed the ability to upload evidence directly into CyberStrong.
Now, the CyberStrong platform supports uploading and/or linking external artifacts in the platform. All files are centrally stored within the Central Artifact Repository, allowing administrators to view and manage all artifacts centrally. This update will aid users in control evidence processes.
Note: All uploaded documents are scanned for viruses and malicious content.
Our existing multi-tenancy capabilities, which leverage Teams, have been a bit complex and confusing. In addition, customers have asked for more flexibility in defining custom roles to provide access to the platform.
In this update, we will begin to release a series of enhancements to implement a new hierarchical role-based access control system. This system will solve multi-tenancy complexities and allow CyberStrong customers more flexibility with custom roles. The first phase will support organizational units (OUs), which allows customers and partners to define their own hierarchy within the platform. As part of defining these OUs, customers and partners can map which Teams can access each OU. This change will help migrate roles and permissions in subsequent phases.
Notes: Only Teams assigned one of the following elements in the platform can be linked to OUs:
As part of this change, we’re encouraging customers and partners to schedule a meeting with the Product Success team to help them with the OU to Teams mappings before the next phase, which is a migration of the current default roles to the new hierarchical role-based access control system.
With version 3.57, to be released on June 29, 2024, new CyberStrong reports will be more dynamic and can be customized according to the user’s needs. Customers and partners have asked for the ability to export any and every field from the platform to support their own custom reporting needs.
Now, the CyberStrong platform supports a custom reporting capability that allows customers and partners to define the fields they want to export as .csv files. Custom report templates can be created, saved, and downloaded as customers and partners need. The following custom report templates are supported:
Currently, remediation targets are set by CSF Category and Function, a collection of controls. Customers and partners needed a way to set remediation targets by control, not CSF Category and Function.
With version 3.57, to be released on June 29, 2024, the CyberStrong platform will allow customers and partners to select which controls will be included in the remediation project based on the selected risk scenarios. Once selected, customers and partners can set target scores for those controls.
Note: An improved RoSI calculation will follow this release. Based on each control's current and target scores, this calculation will be more accurate.
We’re including a sneak peek at our upcoming reporting tool, the KnightVision Report. Understanding priorities across multiple data points can be challenging. Where should customers and partners prioritize remediation based on their current risk posture, control implementation status, and emerging threats and vulnerabilities?
Customers and partners can use the KnightVision Report, which leverages Artificial Intelligence, to make recommendations based on your current risks, controls, threats, and vulnerabilities. This summary report helps customers and partners prioritize the right remediation projects.
Note: Users must enable this report to access it. Reports can be scheduled at a weekly or monthly cadence.