Countermeasures

A Countermeasure is an individual unit of work. It represents a prescriptive step to prevent a Weakness (which is a potential business issue), or a method to test whether a Weakness exists. Each Countermeasure has a status representing whether or not it is complete, a priority, and other properties.

Library Countermeasures are automatically assigned to projects based on how their rules match project survey answers. Library Countermeasures can also be manually added to projects.

The application tracks an official set of Countermeasures and their rules for when they are applicable to a project. A Default Countermeasure can be modified and additional Countermeasures can be added as well.

Countermeasure details

  • Title: The title of the Countermeasure as it will appear in the project.

  • Priority: The priority of the Countermeasure as it will appear on the Countermeasures page.

  • Phase: The phase in which the Countermeasure will appear.

  • Weakness: The Weakness that the Countermeasure is trying to solve.

    • If a Countermeasure isn’t associated with any specific Weakness, it gets assigned to a catch-all "Always Applicable" Weakness.

    • The Weakness' rules appear at the bottom of the detail page. They must apply to a project before the Countermeasure’s rules are evaluated.

  • Solution: A general approach to how to solve the Weakness. This is the main part of the Countermeasure. Solutions are concise and link to other sources for more details.

    Use Markdown to apply rich text formatting to a Solution. Markdown syntax is accessible by clicking on the box beneath the Solution.
  • Rules: The section titled Applicability Rules to a Project when the following rules are met shows the rules for the Countermeasure. There are two types of rules that appear here:

    • Weakness' Rules: If you selected a Weakness other than "Always Applicable" then that Weakness' rules will appear first, followed by a single "AND" clause for the Solution’s Rules. If you selected "Always Applicable" as the Weakness, then this section will not appear.

    • Countermeasure’s Rules: These are the rules for when the Countermeasure should appear in a project. If you selected "Always Applicable" as the Weakness, then these are the only rules. If you do not enter any rules, then this Countermeasure will appear in all projects.

  • Additional Requirements: Additional steps or controls relevant to a Countermeasure in certain conditions. Additional Requirements provide clearer guidance to address the underlying Weakness in the context of an industry standard or an organization policy. Refer to the guidance about content rules for crafting match conditions.

  • How-To’s: Code samples, testing scripts, or other technology-specific examples of how to implement the Solution. How-To’s should give actionable steps to users in their particular context. How-To’s also have a title, text, and rules. Refer to the guidance about content rules for crafting match conditions.

Additional Requirements details

Countermeasures address potential Weaknesses in the project (for example, P408 Weak Password Requirements). In certain cases, these Weaknesses pertain to specific standards/regulations, such as PCI-DSS and PA-DSS.

However, a common issue is that different standards have different requirements for the same Weakness. To help with managing these different requirements, it is possible to create Additional Requirements for a Countermeasure.

For example, PA-DSSv2 requires that a password be at least 7 characters long, while COBIT4.1 requires that a password be at least 8 characters long. In this case, we can create an Additional Requirement for P408 to record this difference in requirements between different standards. This differs from How-To’s in that the details of implementation are not important in an Additional Requirement.

Additional Requirements have the following details:

  • Title: The title of the additional requirement.

  • Text: Specific guidance for addressing the Weakness in the context of this requirement. The steps are concise and link to other sources for more details, if needed.

    Use Markdown to apply rich text formatting to the Text field. Markdown syntax is accessible by clicking on the box beneath the Solution.
  • Rules: The section titled Applicable to a Project when the following rules are met shows the rules for the requirement.

An Additional Requirement is added to a project Countermeasure when the rules of the Countermeasure and Additional Requirement match a project’s settings.
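
A simplified model of the applicability logic described above, as an added example that is not the product's code. It assumes a rule set is a plain set of survey-answer labels that must all be selected; the answer labels and the Countermeasure title are constructed.

```python
from dataclasses import dataclass, field

# Assumption: a rule set is a set of survey-answer labels that must all be
# selected in the project. The product's real rule syntax is not shown here.
ALWAYS_APPLICABLE = "Always Applicable"

def rules_match(rules, answers):
    # An empty rule set matches every project.
    return set(rules) <= set(answers)

@dataclass
class AdditionalRequirement:
    title: str
    rules: frozenset = frozenset()

@dataclass
class Countermeasure:
    title: str
    weakness: str = ALWAYS_APPLICABLE
    weakness_rules: frozenset = frozenset()
    rules: frozenset = frozenset()
    requirements: list = field(default_factory=list)

def applies(cm, answers):
    # The Weakness' rules must match before the Countermeasure's own rules
    # are evaluated; the "Always Applicable" Weakness contributes no rules.
    if cm.weakness != ALWAYS_APPLICABLE and not rules_match(cm.weakness_rules, answers):
        return False
    return rules_match(cm.rules, answers)

def requirements_for(cm, answers):
    # An Additional Requirement is attached only when the Countermeasure
    # applies and the requirement's own rules match the project.
    if not applies(cm, answers):
        return []
    return [r.title for r in cm.requirements if rules_match(r.rules, answers)]

# Constructed sample data based on the P408 example in the text.
password_cm = Countermeasure(
    title="Enforce password requirements",  # hypothetical title
    weakness="P408 Weak Password Requirements",
    weakness_rules=frozenset({"uses-passwords"}),  # hypothetical answer label
    requirements=[
        AdditionalRequirement("PA-DSSv2: at least 7 characters", frozenset({"PA-DSS"})),
        AdditionalRequirement("COBIT4.1: at least 8 characters", frozenset({"COBIT"})),
    ],
)
```
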

Reorder Additional Requirements

Drag and drop Additional Requirements to customize their order.

Steps:
  1. Open the Library→Countermeasures page.

  2. Select a Countermeasure.

  3. Click on the Additional Requirements tab.

    1. Click the edit pencil icon, and choose the reorder icon in the top right corner.

  4. Drag and drop Additional Requirements to reorder them.

    1. Optionally, drag an Additional Requirement above the Solution Placeholder bar to have that Additional Requirement appear before the solution of this Countermeasure.

  5. Click Save.

The new order is saved and can be viewed from the Library Countermeasures Additional Requirements page, the Project Countermeasures preview and edit pages, and your Issue Tracker sync descriptions.

Reordering Additional Requirements for a Countermeasure does not mark it as customized. Additionally, reverting a Countermeasure to its default settings will not affect the order of Additional Requirements.

How-To details

How-To’s have the following details:

  • Title: The title of the How-To.

  • Text: Specific guidance about implementing the Countermeasure in the context of the project.

    Use Markdown to apply rich text formatting to the Text field. Markdown syntax is accessible by clicking on the box beneath the Text.
  • Rules: The section titled Applicable to a Project when the following rules are met shows the rules for the How-To.

Steps:
  1. Open the Library→Countermeasures page.

  2. Select a Countermeasure.

  3. Click on the How-Tos tab.

    1. Click "Add a How-To" to create a new How-To, or click the edit pencil icon to modify an existing one.

  4. Click Save.

Add a custom Countermeasure

Create a Custom Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Click the plus button, New Countermeasure. A new page appears with a stepper workflow.

  3. Fill in the required fields for the details page.

    1. [Optional] Click Next to continue to the next step to add additional requirements.

    2. [Optional] Click Next to continue to the next step to add how-tos.

  4. Click Finish and Create.

The new Countermeasure is available to all projects in the system.

Markdown support

Markdown is supported in the Solution section of the New Countermeasure dialog, as follows:

    This is how you make a heading (h1,h2,etc):

    # This is a 1st level heading.
    ## This is a 2nd level heading.
    ###### This is a 6th level heading.

    This will produce an unordered list (a blank line is required above and below the list):

    * Red
    * Green
    * Blue

    This will produce an ordered list (a blank line is required above and below the list):

    1. High
    2. Medium
    3. Low

    Code blocks:

        Put four spaces in front of *every* line in your code block.
        Your code will be properly escaped, and will display as a neatly
        formatted code block.

    ```python
    # You can also wrap the code block using three backticks and specify a
    # language to use for syntax highlighting (when available).
    def test():
        print("Hello World")
    ```

    Put *asterisks* around text you want to emphasize.

    Finally, this is how you make [a hyperlink](http://example.com/) (there
    is no space between the brackets and the parentheses).

Update a custom Countermeasure

Update a Custom Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Update the Countermeasure by clicking the edit pencil icon to open the edit form.

  5. Click Save.

Changes to a Countermeasure take effect as follows:
  • Title, Solution, How-to and Additional Requirements changes take effect immediately in all projects.

  • Weakness and Rules changes apply to new projects immediately: the Countermeasure will appear in the Countermeasure list according to its rules.

  • Existing projects without this Countermeasure, but matching the Weakness and Rules, will prompt project lead users to accept the Countermeasure.

  • Existing projects with this Countermeasure, but no longer matching the Weakness and Rules, will prompt Project Lead users to remove the Countermeasure.

Update a default Countermeasure

Default Countermeasures are automatically kept up-to-date with each product update. However, changes made to a default Countermeasure are not affected by product updates. A default Countermeasure’s original values are displayed only when a privileged user chooses to Revert all Countermeasure customizations or Revert specific Countermeasure customizations.

Update a Default Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Update the Countermeasure by clicking the edit pencil icon to open the edit form.

  5. Click Save.

After an update, a default Countermeasure is assigned the type "Builtin Modified". The Builtin Modified fields are marked with a purple "modified" label on the edit form.

Changes to a Countermeasure take effect as follows:
  • Title, Solution, How-to and Additional Requirements changes take effect immediately in all projects.

  • Weakness and Rules changes apply to new projects immediately: the Countermeasure will appear in the Countermeasure list according to its rules.

  • Existing projects without this Countermeasure, but matching the Weakness and Rules, will prompt project lead users to accept the Countermeasure.

  • Existing projects with this Countermeasure, but no longer matching the Weakness and Rules, will prompt Project Lead users to remove the Countermeasure.

Deactivate a Countermeasure

Temporarily remove a custom or default Countermeasure from new and existing projects by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for the Countermeasure using the interface and click its title.

  3. Click on the Activate Label to Deactivate Countermeasure.

    1. Note this can be done on the countermeasure list page as well.

  4. Click Confirm.

The deactivated Countermeasure will not appear in new projects. It will continue to appear in existing projects until a project lead selects "Accept Content Updates".

Reactivate a Countermeasure

Activate a disabled custom or default Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Click on the Deactivate Label to Activate Countermeasure.

    1. Note this can be done on the countermeasure list page as well.

  5. Click Confirm.

The reactivated Countermeasure will appear in new projects. It will not appear in existing applicable projects until a project lead selects "Accept Content Updates".

Delete a custom Countermeasure

Permanently delete a custom Countermeasure from all projects by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Click the Delete trash can icon in the upper right corner.

    1. Note this can be done on the countermeasure list page as well.

  5. Click Confirm.

The Countermeasure is immediately removed from all projects.

To limit impact on teams, it is a good practice to deactivate a Countermeasure first and then delete it after a period of time.

Delete Additional Requirements or How-To’s

You can deactivate or delete a custom Additional Requirement or How-To. However, built-in Requirements and How-To’s can only be deactivated. Activate or deactivate Additional Requirements and How-To’s by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Click on the appropriate tab: Additional Requirements or How-Tos.

  5. Click on the Activated or Deactivated label beside the title.

    1. Note:

Restore all Additional Requirements or How-To’s

Restore Additional Requirements and How-To’s by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Click on the Additional Requirements or How-Tos tab.

  5. Click on the edit pencil icon to bring up the edit form and select the restore icon.

  6. The restore panel will appear on the right side of the page:

    1. Select the Additional Requirements or How-To’s you would like to restore.

    2. Click Restore.

  7. Click Save to publish changes.

The Additional Requirements or How-To’s are restored.

Revert all Countermeasure customizations

Discard all customizations to a default Countermeasure and use its latest original version by following the steps below. Only original Countermeasures can be reverted.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Click on the edit pencil icon to bring up the edit form and select the restore icon.

    1. The restore panel will appear on the right side of the page. Select the fields to restore and click Restore.

  5. Click Save to publish changes.

All the changes to the Countermeasure, including new How-To’s, Additional Requirements, and Solution changes are removed. The changes take effect in all projects immediately.

Apply a Countermeasure tag

Countermeasure tags are displayed in a project’s Countermeasure list and used to filter Countermeasures. Follow the steps below to add a tag to an existing Countermeasure.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Hover your mouse under the Countermeasure title to see a small input box called "New Tag…​"

  5. Enter a tag name and press Enter.

The tag is assigned to the Countermeasure.

Search for a Countermeasure

Search for a Countermeasure in the library by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Click on the magnifying glass icon on the right top corner of the page.

  3. Search for specific Countermeasures by name or ID.

  4. Additional filter capabilities also exist: click on the downward triangle to filter by category, phase, or tag. You can also filter by type, phase, active status, regulation or tag.

Countermeasures matching the filter are displayed in the list view.
