Process Countermeasures
What are Process Countermeasures?
Process Countermeasures are related to activities for securing the SDLC regardless of technologies, frameworks, or languages used for development. Activities guide teams responsible for day-to-day security operations. These Countermeasures appear in the Activities phase of SD Elements.
- See Phases for more information.
- See Automations for more information.
Why are Process Countermeasures automated?
Some Countermeasures related to processes are automated to better ensure compliance with securing the software development lifecycle.
The following process Countermeasures will automatically be marked as complete or incomplete based on two scenarios.
- T1368: Perform security testing using SAST tools
- T1369: Perform security testing using DAST tools
- T1893: Perform a cloud solution security posture assessment
- T1915: Perform network vulnerability assessment
- T1921: Avoid obtaining code (source or mobile) from untrusted sources such as public Internet
Scenario 1
When you run any of the following verification tools, certain Process Countermeasures automatically transition to 'Complete', depending on the type of scan run and whether the scan reports no high or critical findings:
- Micro Focus Fortify and WebInspect
- HCL AppScan Standard and Source
- SonarQube
- OWASP Dependency Check
- OWASP Dependency Track
- Checkmarx
- Coverity
- ThreadFix
- Veracode (File Upload)
- Nessus
- Mend (formerly WhiteSource)
- Klocwork
- Black Duck
- Fortify on Demand
A process Countermeasure is automatically transitioned to 'Complete' only if its corresponding verification scan has run with zero high and zero critical findings. If a process Countermeasure remains 'Incomplete' after a scan has been run, you may need to triage the scan's findings.
Scenario 2
Process Countermeasures that were previously marked 'Complete' reopen if a SAST scan has not been run and its results imported into SD Elements within a predefined time threshold:
- For Countermeasure 1921, the status automatically transitions to 'Incomplete' when more than 90 days have passed since you ran an SCA scan.
- For Countermeasure 1915, the status automatically transitions to 'Incomplete' when more than 90 days have passed since you ran an Infrastructure scan.
- For Countermeasure 1369, the status automatically transitions to 'Incomplete' when more than 90 days have passed since you ran a DAST scan.
Time thresholds
In either scenario, the Beta version of Automations only supports preset automation criteria and frequency thresholds. For questions or inquiries about modifying these thresholds, please contact your Customer Success representative.
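The two scenarios above, modelled as an added example that is not SD Elements code: it maps the Countermeasure ids the page names to the scan type that drives each one, completes a Countermeasure only on a scan with zero high and zero critical findings, and reopens 1921, 1915 and 1369 when the latest matching scan is more than 90 days old. The scan records, the `Scan` class and the `evaluate` function are constructed for illustration; T1893 is left out because the page does not name the scan type that drives it.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed model of the two scenarios described on this page; an illustrative
# reimplementation, not SD Elements code. Countermeasure ids and scan types
# are the ones the page names. T1893 is omitted because the page does not
# say which scan type drives it.
SCAN_TYPE_FOR = {
    "T1368": "SAST",
    "T1369": "DAST",
    "T1915": "Infrastructure",
    "T1921": "SCA",
}
# Scenario 2: the page states the 90-day reopen rule for these three only.
REOPEN_AFTER_DAYS = {"T1369": 90, "T1915": 90, "T1921": 90}


@dataclass
class Scan:
    """A constructed record of one imported verification scan."""
    scan_type: str
    run_on: date
    high: int
    critical: int


def evaluate(cm_id: str, status: str, scans: list, today: date) -> str:
    """Return 'Complete' or 'Incomplete' for cm_id after applying both scenarios."""
    relevant = [s for s in scans if s.scan_type == SCAN_TYPE_FOR[cm_id]]
    latest = max(relevant, key=lambda s: s.run_on, default=None)
    # Scenario 1: the latest scan of the matching type completes the
    # countermeasure only when it carries zero high and zero critical
    # findings; a scan with findings leaves the status as it was (the page
    # says the countermeasure 'remains Incomplete' until findings are triaged).
    if latest is not None and latest.high == 0 and latest.critical == 0:
        status = "Complete"
    # Scenario 2: a Complete countermeasure reopens when more than the
    # threshold has passed since the last matching scan (or none was run).
    threshold = REOPEN_AFTER_DAYS.get(cm_id)
    if status == "Complete" and threshold is not None:
        if latest is None or (today - latest.run_on).days > threshold:
            status = "Incomplete"
    return status


if __name__ == "__main__":
    today = date(2024, 6, 1)
    stale = [Scan("DAST", today - timedelta(days=120), high=0, critical=0)]
    print("T1369 after a clean but 120-day-old DAST scan:",
          evaluate("T1369", "Complete", stale, today))
```

Exactly 90 days since the last scan does not reopen the Countermeasure; the page's rule is "more than 90 days".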