The team at CyberSaint is thrilled to announce the latest additions and updates to the CyberStrong solution. To start off, we’ve made it easier to create an assessment and risk register from Asset Groups. Additionally, we’ve implemented revisions to benchmarking related to the NIST CSF and bulk update of compliance notes.
The blog below provides more details about the latest updates to CyberStrong.
Now that we have implemented Asset Groups within CyberStrong, users need a way to launch an assessment to assess the controls on the selected Asset Group.
From an Asset Group, CyberStrong users can create an assessment and link it to the Asset Group.
Enter the following fields to create an assessment:
Note: The frameworks and Teams/OUs must exist to create an assessment. The assessment is linked to the OU to which the Asset Group is linked. Advanced framework filtering based on Asset Group attributes or tags is out of scope.
CyberStrong clients can add Compliance Notes to the Bulk Update fields in Assessments as follows:
Note: Compliance Notes are for controls only. Annotations and POAMs are excluded from this.
Previously, we added Industry Benchmark data to the NIST CSF Function on the Home page and the NIST CSF Maturity graph on the Executive Dashboard, but not the NIST CSF Category on the Home page.
Now, CyberStrong users can access Industry Benchmark data for NIST CSF Categories on the Home page. The settings are based on the industry selections from the Home page.
Since CyberStrong users can leverage Asset Groups, they need a way to create a risk register and assign risk scenarios to that Asset Group.
Now, users can create a Risk Register from the Asset Group level. CyberStrong Users can assign risk scenarios and link them to the Asset Group. Risks can be added by Industry Risks or a bulk selection of risk templates.
Note: Only NIST 800-30 risk registers are currently supported. The Risk Register is linked to the OU to which the Asset Group is linked.
CyberStrong users who leveraged multiple risk registers needed a simple and easy way to select risk scenarios from specific risk registers. Currently, in remediation projects, there is no way to search for or filter by risk register—you can only filter by risk scenario and risk type.
Now, clients can add a risk register search filter to remediation project creation, as shown in step 2: Risk Scenario Content.
Before this update, CyberStrong users could only select a look-back period of 10 years for Industry Risks. Now, clients can select shorter ranges for look-back periods to reflect more current risks.
Clients can change the look-back period from the default 10 years to as low as 3 years. Once set, the value will be passed to the Industry Risks endpoint, which will return updated results.
Note: The default setting is 10 years; you can only select integer values from 3 to 10 years. The updated risk values are processed on the next batch run, typically the next day.