Countermeasures

A Countermeasure is an individual unit of work. It represents a prescriptive step to prevent a Weakness (which is a potential business issue), or a method to test whether a Weakness exists. Each Countermeasure has a status representing whether or not it is complete, a priority, and other properties.

Library Countermeasures are automatically assigned to projects based on how their rules match project survey answers. Library Countermeasures can also be manually added to projects.

The application tracks an official set of Countermeasures and their rules for when they are applicable to a project. A Default Countermeasure can be modified and additional Countermeasures can be added as well.

Countermeasure details

  • Title: The title of the Countermeasure as it will appear in the project.

  • Priority: The priority of the Countermeasure as it will appear on the Countermeasures page.

  • Phase: The phase in which the Countermeasure will appear.

  • Weakness: The Weakness that the Countermeasure is trying to solve.

    • If a Countermeasure isn’t associated with any specific Weakness, it gets assigned to a catch-all "Always Applicable" Weakness.

    • The Weakness' rules appear on the right side of the page. They must apply to a project before the Countermeasure’s rules are evaluated.

  • Solution: A general approach to how to solve the Weakness. This is the main part of the Countermeasure. Solutions are concise and link to other sources for more details.

    Use Markdown to apply rich text formatting to a Solution. Markdown syntax is accessible by clicking on the box beneath the Solution.
  • Rules: The section titled "Applicable to a Project when the following rules are met" shows the rules for the Countermeasure. There are two types of rules that appear here:

    • Weakness' Rules: If you selected a Weakness other than "Always Applicable" then that Weakness' rules will appear first, followed by a single "AND" clause for the Solution’s Rules. If you selected "Always Applicable" as the Weakness, then this section will not appear.

    • Countermeasure’s Rules: These are the rules for when the Countermeasure should appear in a project. If you selected "Always Applicable" as the Weakness, then these are the only rules. If you do not enter any rules, then this Countermeasure will appear in all projects.

  • Additional Requirements: Additional steps or controls relevant to a Countermeasure in certain conditions. Additional Requirements provide clearer guidance to address the underlying Weakness in the context of an industry standard or an organization policy. Refer to the guidance about content rules for crafting match conditions.

  • How-To’s: Code samples, testing scripts, or other technology-specific examples of how to implement the Solution. How-To’s should give actionable steps to users in their particular context. How-To’s also have a title, text, and rules. Refer to the guidance about content rules for crafting match conditions.

Additional Requirements details

Countermeasures address potential Weaknesses in the project (for example, P408 Weak Password Requirements). In certain cases, these Weaknesses pertain to specific standards/regulations, such as PCI-DSS and PA-DSS.

However, a common issue is that different standards have different requirements for the same Weakness. To help with managing these different requirements, it is possible to create Additional Requirements for a Countermeasure.

For example, PA-DSSv2 requires that a password be at least 7 characters long, while COBIT4.1 requires that a password be at least 8 characters long. In this case, we can create an Additional Requirement for P408 to record this difference in requirements between different standards. This differs from How-To’s in that the details of implementation are not important in an Additional Requirement.

Additional Requirements have the following details:

  • Title: The title of the additional requirement.

  • Text: Specific guidance for addressing the Weakness in the context of this requirement. The steps are concise and link to other sources for more details, if needed.

    Use Markdown to apply rich text formatting to the Text field. Markdown syntax is accessible by clicking on the box beneath the Solution.
  • Rules: The section titled "Applicable to a Project when the following rules are met" shows the rules for the requirement.

An Additional Requirement is added to a project Countermeasure when the rules of the Countermeasure and Additional Requirement match a project’s settings.
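
The applicability logic described above, as an added example that is not the product's own code: the Weakness' rules gate the Countermeasure's rules, and an Additional Requirement is attached only when its own rules also match. It assumes a rule is a set of survey answers that must all be selected (the real rule syntax is not shown on this page); the Countermeasure title and survey answer names are hypothetical.

```python
from dataclasses import dataclass, field

ALWAYS_APPLICABLE = "Always Applicable"


def rules_match(rules, answers):
    """Assumed rule model: every listed survey answer must be selected.
    An empty rule set therefore matches every project."""
    return set(rules) <= set(answers)


@dataclass
class Countermeasure:
    title: str
    weakness: str = ALWAYS_APPLICABLE
    weakness_rules: frozenset = frozenset()
    rules: frozenset = frozenset()
    # (title, rules) pairs, kept in their configured display order
    additional_requirements: list = field(default_factory=list)

    def applies_to(self, answers):
        # The Weakness' rules must apply before the Countermeasure's rules are
        # evaluated; "Always Applicable" leaves only the Countermeasure's rules.
        if self.weakness != ALWAYS_APPLICABLE and not rules_match(
                self.weakness_rules, answers):
            return False
        return rules_match(self.rules, answers)

    def requirements_for(self, answers):
        # Attached only when both the Countermeasure and the requirement match.
        if not self.applies_to(answers):
            return []
        return [title for title, rules in self.additional_requirements
                if rules_match(rules, answers)]


# Constructed sample data: the title and survey answer names are hypothetical.
P408 = Countermeasure(
    title="Enforce password requirements",
    weakness="P408 Weak Password Requirements",
    weakness_rules=frozenset({"uses-passwords"}),
    additional_requirements=[
        ("PA-DSSv2: password at least 7 characters", {"pa-dss-v2"}),
        ("COBIT4.1: password at least 8 characters", {"cobit-4.1"}),
    ],
)

if __name__ == "__main__":
    for answers in ({"uses-passwords", "pa-dss-v2"}, {"pa-dss-v2"}):
        print(sorted(answers), P408.applies_to(answers),
              P408.requirements_for(answers))
```
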

Reorder Additional Requirements

Drag and drop Additional Requirements to customize their order.

Steps:
  1. Open the Library→Countermeasures page.

  2. Select a Countermeasure.

  3. Scroll down to Additional Requirements.

    1. You can reorder existing Additional Requirements, or create your own to reorder.

  4. Drag and drop Additional Requirements to reorder them.

    1. Optionally, drag an Additional Requirement above the Solution Placeholder bar to have that Additional Requirement appear before the solution of this Countermeasure.

  5. Click Save.

The new order is saved and can be viewed from Library Countermeasures pages, Project Countermeasures preview and edit pages, and your Issue Tracker sync descriptions.

Reordering Additional Requirements for a Countermeasure does not mark it as customized. Additionally, reverting a Countermeasure to its default settings will not affect the order of Additional Requirements. You can restore a Countermeasure to retrieve the original ordering of Additional Requirements at the time of deletion.

How-To details

How-To’s have the following details:

  • Title: The title of the How-To.

  • Text: Specific guidance about implementing the Countermeasure in the context of the project.

    Use Markdown to apply rich text formatting to the Text field. Markdown syntax is accessible by clicking on the box beneath the Text.
  • Rules: The section titled "Applicable to a Project when the following rules are met" shows the rules for the How-To.

Add a custom Countermeasure

Create a Custom Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Click the plus button, New Countermeasure. A dialog opens.

  3. Fill in the required fields.

  4. Click Save.

The new Countermeasure is available to all projects in the system.

Markdown support

Markdown is supported in the Solution section of the New Countermeasure dialog, as follows:

    This is how you make a heading (h1,h2,etc):

    # This is a 1st level heading.
    ## This is a 2nd level heading.
    ###### This is a 6th level heading.

    This will produce an unordered list (a blank line is required above and below the list):

    * Red
    * Green
    * Blue

    This will produce an ordered list (a blank line is required above and below the list):

    1. High
    2. Medium
    3. Low

    Code blocks:

        Put four spaces in front of *every* line in your code block.
        Your code will be properly escaped, and will display as a neatly
        formatted code block.

    ```python
    # You can also wrap the code block using three backticks and specify a
    # language to use for syntax highlighting (when available).
    def test():
        print("Hello World")
    ```

    Put *asterisks* around text you want to emphasize.

    Finally, this is how you make [a hyperlink](http://example.com/) (there
    is no space between the brackets and the parentheses).

Update a custom Countermeasure

Update a Custom Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Update the Countermeasure by modifying its fields.

  5. Click Save.

Changes to a Countermeasure take effect as follows:
  • Title, Solution, How-to and Additional Requirements changes take effect immediately in all projects.

  • Weakness and Rules changes apply to new projects immediately: the Countermeasure will appear in the Countermeasure list according to its rules.

  • Existing projects without this Countermeasure, but matching the Weakness and Rules, will prompt project lead users to accept the Countermeasure.

  • Existing projects with this Countermeasure, but no longer matching the Weakness and Rules, will prompt Project Lead users to remove the Countermeasure.

Update a default Countermeasure

Default Countermeasures are automatically kept up-to-date with each product update. However, changes made to a default Countermeasure are not affected by product updates. A default Countermeasure’s original values are displayed only when a privileged user chooses to Revert all Countermeasure customizations or Revert specific Countermeasure customizations.

Update a Default Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Update the Countermeasure by modifying its fields.

  5. Click Save.

After an update, a default Countermeasure is assigned the type "Modified". The modified fields are marked with a green asterisk.

For example, after changing "Priority" the field appears as follows:

[Image: default countermeasure field edit]

Changes to a Countermeasure take effect as follows:
  • Title, Solution, How-to and Additional Requirements changes take effect immediately in all projects.

  • Weakness and Rules changes apply to new projects immediately: the Countermeasure will appear in the Countermeasure list according to its rules.

  • Existing projects without this Countermeasure, but matching the Weakness and Rules, will prompt project lead users to accept the Countermeasure.

  • Existing projects with this Countermeasure, but no longer matching the Weakness and Rules, will prompt Project Lead users to remove the Countermeasure.

Deactivate a Countermeasure

Temporarily remove a custom or default Countermeasure from new and existing projects by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for the Countermeasure using the interface and click its title.

  3. Click Deactivate Countermeasure.

  4. Click Confirm.

The deactivated Countermeasure will not appear in new projects. It will continue to appear in existing projects until a project lead selects "Accept Content Updates".

Reactivate a Countermeasure

Activate a disabled custom or default Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Click Reactivate Countermeasure.

  5. Click Confirm.

The reactivated Countermeasure will appear in new projects. It does not appear in existing applicable projects until a project lead selects "Accept Content Updates".

Delete a custom Countermeasure

Permanently delete a custom Countermeasure from all projects by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Click Delete Countermeasure.

  5. Click Confirm.

The Countermeasure is immediately removed from all projects.

To limit impact on teams, it is a good practice to deactivate a Countermeasure first and then delete it after a period of time.

Delete Additional Requirements or How-To’s

You can delete a custom Additional Requirement or How-To permanently. However, built-in Requirements and How-To’s that are deleted can be restored. Permanently delete Additional Requirements and How-To’s by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Scroll down to select an Additional Requirement or How-To.

  5. Select the Delete checkbox on the right side of the page.

  6. Click Save.

The custom Additional Requirement or How-To is deleted.

Restore all Additional Requirements or How-To’s

Restore Additional Requirements and How-To’s by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Scroll down to Additional Requirements or How-To’s.

  5. Select the appropriate checkbox on the right side of the page:

    1. Restore all deleted Additional Requirements

    2. Restore all deleted How-To’s

  6. Click Save.

The Additional Requirements or How-To’s are restored.

Revert all Countermeasure customizations

Discard all customizations to a default Countermeasure and use its latest original version by following the steps below. Only original Countermeasures can be reverted.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Click Revert to Original.

  5. Click Confirm.

All the changes to the Countermeasure, including new How-To’s, Additional Requirements, and Solution changes are removed. The changes take effect in all projects immediately.

Revert specific Countermeasure customizations

Discard certain customizations to a Default Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Find fields with a green asterisk to identify previously modified fields.

    • For example, the "Priority" field below has been modified.

      [Image: default countermeasure field edit]
  5. Select the "Revert" checkbox for each field whose changes you want to undo.

  6. Click Save. A dialog will appear.

  7. Acknowledge the warning and click Confirm.

The changes to the Countermeasure you selected are removed. The change takes effect immediately in all projects.

If you revert a modified Weakness, the match conditions will also be reverted. However, custom match conditions that you add can only be reverted by the steps above.

Apply a Countermeasure tag

Countermeasure tags are displayed in a project’s Countermeasure list and used to filter Countermeasures. Follow the steps below to add a tag to an existing Countermeasure.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Search for a Countermeasure from the Countermeasure library.

  3. Click on the title of the Countermeasure.

  4. Hover your mouse over the Countermeasure to see a small input box called "New Tag…".

  5. Enter a tag name and press Enter.

The tag is assigned to the Countermeasure.

Search for a Countermeasure

Search for a Countermeasure in the library by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Click on the magnifying glass icon on the left side of the page.

  3. Search for specific Countermeasures by name, or filter by category, phase, or tag. You can also search by type:

    • Custom & Original: All Countermeasures.

    • Custom: All new custom Countermeasures and original Countermeasures that you have since customized.

    • Original: All original Countermeasures you have not customized.

Countermeasures matching the filter are displayed in the list view.

View a Countermeasure in read-only mode

Examine a read-only version of a library Countermeasure by following the steps below.

Prerequisites:
  • The user has the permission Global Roles→User Management→Modify own user settings.

  • The user does not have the permission Global Roles→Customization→Customize content.

Steps:
  1. Open the Library→Countermeasures page.

  2. Click the magnifying glass icon on the left side of the page.

  3. Search for specific Countermeasures by name, or filter by category, phase, or tag. You can also search by type:

    • All: All Countermeasures.

    • Custom: All new custom Countermeasures you have created.

    • Modified: All original Countermeasures you have modified.

    • Original: All original Countermeasures you have not modified.

Countermeasures matching the filter are displayed in the list view. A Countermeasure you select is presented in full detail, but you cannot modify it in this view.
