Control Compliance Suite

 View Only
  • 1.  CCS non compliance priority

    Posted Feb 20, 2017 03:47 AM

    Hi,

    Is the CCS capable of setting priority for the non compliance list for individual asset to help prioritise which on to address first?

     

    Rgds,

    Chee Khong



  • 2.  RE: CCS non compliance priority

    Posted Feb 20, 2017 05:12 AM

    Hi Chai CK,

    yes, CCS uses risk calculation based on which you can prioritize your non-compliant assets. CCS follows the Common Vulnerabilities Scoring System (CVSS) version 2 to calculate the risk that is associated with a particular asset. Risk is calculated using attributes of both asset and standard/check.

    Asset has following attributes:

    • Confidentiality
    • Integrity
    • Availability

    CCS standard/check have following attributes:

    • Confidentiality
    • Integrity
    • Availability
    • Access vector
    • Access complexity
    • Authentication

    How attributes are configured, look at the documentation, links are below.
    After you scan you asset and there are findings, following is calculated based on above attributes:

    • Compliance score
    • Risk score
    • Risk rating

    Sample:

    risk1.JPG

    Then in your web console you have dashboards that can display "Top 10 Assets with Highest Risk Score by Standard", "Top 10 Failed Checks by Standard", "Asset Compliance by Asset group", etc.

    For more details please check following links: