Countermeasure details

Basic Countermeasure details

For each Countermeasure, the project Countermeasure list displays the following information:

Attribute Description Note

Status

Indicates whether the Countermeasure is "TODO" (the Countermeasure is incomplete), "Done" (the Countermeasure is complete), or "Not Applicable" (the Countermeasure does not apply to this project).

  • Additional statuses may be present if an administrator has customized the list of Countermeasure statuses.

  • Permission required to change Countermeasure status: Project Roles→Countermeasures→Change Countermeasure status

Priority

Score that indicates how important the Countermeasure is relative to other Countermeasures. 10 is the highest and 1 is the lowest.

Use the Priority to help select which Countermeasures to carry out if you do not have enough time to do all of them. Agile teams can use the Priority field to help enter SD Elements Countermeasures appropriately into the backlog.

Title

The title of the Countermeasure. The number, such as "T133", is the unique number of the Countermeasure in SD Elements.

Verification

The verification "ribbon" on the right side of the Countermeasure indicates its verification status: pass, partial pass, or fail, as discussed below.

Clicking the ribbon will open up a small verification "widget", where the user can manually set the verification status of a Countermeasure. See Expanded Countermeasure detail for more information.

Note

A comment from a project team member about the Countermeasure. For example, where to find audit evidence that the Countermeasure has been completed. You can add and edit the note.

  • Permission required to add and edit notes: Project Roles→Countermeasures→Write notes on Countermeasures

Assigned User

You can assign users to Countermeasures, and filter the Countermeasures page by assigned users. Once assigned, users will receive an email notifying them that you have assigned them a Countermeasure in SD Elements.

  • Permission required to assign Countermeasures to users: Project Roles→Project Management→Assign Countermeasures to users

[Figure: Basic Countermeasure view, with a legend marking the Status, Priority, Title, and Details elements]

Assign users to Countermeasures

You can assign one or more users to each Countermeasure in a project, as follows:

Prerequisites:
  • The user has the permission Project Roles→Project Management→Assign Countermeasures to users.

Steps:
  1. Open the project Countermeasures page.

  2. Click Assign User(s) for the Countermeasure you want assigned.

    [Figure: Add users to a Countermeasure]

  3. Enter users that you want assigned to the Countermeasure.

Expanded Countermeasure detail

Select a Countermeasure to view its details.

The badges associated with each Countermeasure provide the following information:

  • Description: Provides the following details:

    • Solution: The best practice or guidance to address the associated Weakness.

    • Weakness: The risk or reason that the Countermeasure needs to be completed.

  • Related Countermeasures: Countermeasures in the system common to the same underlying Weakness.

  • How-tos: Code samples or detailed instructions on how to achieve the desired solution with a specific technology. For example, how to perform input validation with the Java Struts framework.

  • Regulations: The relevant regulations that a Countermeasure addresses.

  • Comments: Any notes left by developers or fellow stakeholders.

  • Users: A list of users who have been assigned to this Countermeasure.

  • Verification: The verification status of a Countermeasure, as indicated by an automated scanning solution or manual verification.

    • This section provides assurance that a Countermeasure has actually been completed. See Verification status for more information. The badge uses three colors for each status: Green for Pass, Orange for Partial Pass, Red for Fail.

    • A verification tool, such as a static or dynamic scanner, leaves a note in the system with the following fields:

      • Status: Fail, pass or partial pass

      • Date Tested: When the test results were imported

      • Report Reference: Where in the report to find more details

      • Findings: Number of findings identified and the exact reference, in the case of a Fail status

Expanded Countermeasure detail view:

[Figure: Expanded Countermeasure view]
