Content Pack Selector

The Content Pack Selector feature is currently in Beta.

The Content Pack Selector is hidden by default. If you want it turned on, contact sdesupport@securitycompass.com.

The Content Pack Selector (CPS) allows you to choose the category of content that you would like to have associated with all of your projects in SD Elements.

The project survey achieves the same goal, but selecting a content pack is much faster if you already know what kind of content your project requires.

The Content Pack Selector allows administrators to hide (deactivate) or display (activate) specific content groups for their organization through a user interface. By default, all content is active.

Content Packs

Content Packs hold a specific kind of content, such as Application Security and Compliance. You can also select a subcategory within them, such as Web Application or Cloud. You can think of Content Packs as specific groupings of default content in SD Elements. They are organized based on the existing structure of the Project Survey.

For example, when you answer a survey question, that answer has explicit and implicit logic tied to it that determines what Countermeasures, Additional Requirements, How-To’s, and other survey Answers are available in the application.

Content Packs are organized so that content relating to certain Answers are grouped together, and any content that is irrelevant to that topic is omitted from that grouping.

Select and activate a Content Pack

Prerequisites:
  • The user has the permission Global Roles → Customization → Customize content.

  • The user has upgraded to SD Elements version 5.3 or later.

To avoid reactivating previously deactivated content, complete Content Pack changes using the API.

Process Countermeasures are deselected by default. If you would like to make this content available, ensure that you select its check box.

How is content in SD Elements affected?

Survey Questions and Answers

New projects

When creating a new project, survey questions and answers related to deactivated Content Packs will no longer appear.

Affected answers are marked as both inactive and hidden:

  • Affected answers no longer appear in the Project Survey.

  • If all of a Question’s Answers are marked inactive, the Question is also hidden from the survey. If all Questions in a Subsection end up hidden, the Subsection is also hidden, and so on.

Existing projects

If you return to edit the survey of an existing project:

  • Affected questions and answers no longer appear in the survey.

  • However, you have the option of accepting content updates or deferring them.

Custom content

If you create custom content (subsection, question, answer) under a parent section that is deactivated, the custom content still appears.

Project Survey

On the project survey page, you can see which answers are deactivated by a Content Pack by viewing specific subsections.

profiles message answers

If a Subsection (Question) is deactivated, you cannot add a custom answer because the parent is no longer active.

Countermeasures

Library Countermeasures

Library Countermeasures are affected in the same way as when they are normally deactivated. On the Library Countermeasure page, affected Countermeasures will appear as “Deactivated”.

profiles message library countermeasures

New projects

Affected Countermeasures no longer show up as Countermeasures in new projects.

Existing projects

In existing Projects, you are notified of library changes and can choose to remove affected Countermeasures from their projects.

Library changes notification

You may accept all updates or none.

  • Defer updates to keep Countermeasures in the Project Countermeasure List.

  • Accept updates to remove Countermeasures from the Project Countermeasure List.

Additional Requirements

Additional Requirements are affected in the same way as when they are normally deactivated:

  • Any associated Additional Requirements appear as modified.

  • Additional Requirements are removed from the Library Countermeasure list.

  • The Additional Requirement no longer appears in the description of new and existing Project Countermeasures.

How-Tos

How-Tos are affected in the same way as when they are normally deactivated:

  • The associated Countermeasure appears as modified.

  • The How-To is removed from the Library Countermeasure list.

  • The How-To no longer appears in the HowTos of new and existing Project Countermeasures.

Phases

No Phases are tagged with Content Packs.

Profiles

If all content related to built-in Profiles in SD Elements has been disabled, then the Profile appears as deactivated. Deactivating a profile does not impact Content Packs.

Process Countermeasures

Unlike the rest of the Content Packs available through the Content Pack Selector, Process Countermeasures are auto-disabled.

Users can reactivate Process Countermeasures by selecting the Process Countermeasures Content Pack checkbox from the CPS.

If you are on earlier versions of SD Elements, or want to upgrade to a later version of the platform, you must upgrade to 5.3 first, then upgrade again to another version.

See Process Countermeasures for more information about what Process Countermeasures are and how to use them.

How are profiles affected?

New Projects

When you create a new project, the Profile will not be visible on the profile list:

profiles message profile list

Existing Projects

For existing projects, you can see that the profile is deactivated when you return to the Project Survey.

profiles message survey

You can also see that it’s deactivated on the project list page:

profiles project list

Custom Profiles cannot be disabled. Instead, you can click on the Custom profile and delete it.

results matching ""

    No results matching ""