Lorem ipsum dolor sit amet. Et ducimus earum in veniam eligendi eos expedita ipsa sed accusantium voluptas id rerum atque et dolores aspernatur.
Private
This is my scope!!!
efacb457-8f91-4223-ab01-2ce1c9fdbb8c
Impacts
Impact | Description | Impact
Financial Loss | fbedberbrebrebrebnr | Moderate
Risks
Risk
None
Risk | Description | Type | Overall Risk
1 | Sample | Threat | Major
2 | Another Sample | Risk | Critical
3 | 3333 | Risk | Major
4 | 2222 | Risk | Medium
5 | 1111 | Risk | Critical
Severe
5
2
Major
3
Moderate
4
Minor
1
Insignificant
Impact / Likelihood
Rare (0 - 5%)
Unlikely (5% - 15%)
Possible (15% - 40%)
Likely (40% - 90%)
Certain (>90%)
Threats
Threat: Enterprise
Internal
External
3rd Party
Technological
Physical
Execution - The adversary is trying to run malicious code.
Discovery - The adversary is trying to figure out your environment.
Command and Control - The adversary is trying to communicate with compromised systems to control them.
Exfiltration - The adversary is trying to steal data.
Controls
Control Coverage: 75%
Controls
Effectiveness
API.09
Consent - Ensure consent has been provided to access and/or share data on behalf of a customer. For example: consent has been provided for the authenticated user to access claims history for another member on the same policy, or consent has been provided for a 3rd party to consume a customer's data.
API.10
Parameters Sanitized - Ensure input/output parameters are sanitized and/or validated before being consumed to prevent attacks (e.g. SQL injection, cross-site scripting, buffer overflow).
Principles
Principles - Security Principles are the fundamental guidelines and best practices designed to protect information systems and data from threats and vulnerabilities.
Met
NIST 2.0
Effectiveness
ID
IDENTIFY (ID): The organization's current cybersecurity risks are understood
PR.DS
Data Security (PR.DS): Data are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information
Met
PR.DS-01
PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected
PR.DS-02
PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected
PR.DS-10
PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected
PR.DS-11
PR.DS-11: Backups of data are created, protected, maintained, and tested
Control
:
None
No Threat(s) found.
No Control(s) found.
Control Library