
Dashboard

The Dashboard is the landing page after logging into Ryskview. It is customized to each user based upon their designated roles (such as System Admin, ISSO, CIO, etc.). Each tab is role-based, so a user designated with more than one role may have more than one tab.

The Dashboard consists of multiple informational tiles. Tiles can be hidden by unpinning them. To restore a tile, scroll to the bottom of the Dashboard and click on the tile you would like to restore.

To Do List

The To Do List is designed to provide the user with specific tasks that need to be completed. The goal is to reduce each of these metrics until they reach zero.

Past Due Vulnerabilities without a POAM – The number shown indicates the number of Systems that have vulnerabilities that have exceeded their due date. Clicking on the value opens a dialog box displaying the System Name, the Program Office, and Rysk Score. Clicking on the System Name will display the Assets in that System that have overdue vulnerabilities.

In order to address this metric, click on the “Scan Data” button at the top of the Dashboard page, or navigate via the menu bar: Dashboard > Scan Data.

Once the Scan Data page opens, look at the “Past Due w/o POAM” column and address each entry by either remediating it or adding it to a POAM.

Past Due Vulnerabilities with POAM – The number shown indicates the number of systems that have POAMs that are past their Scheduled Completion Date (SCD). Clicking on the value will open a new tab in the browser, load the user’s POAM Task Queue, and filter the POAMs for just those that are Past Due.

In order to remediate, add a new milestone that extends the SCD.

POAM SCD less than 30 days – The number shown indicates the number of POAM items that have a Scheduled Completion Date (SCD) within the next 30 days. Clicking on the value will open a new tab in the browser, load the user’s POAM Task Queue, and filter the POAMs for just those that are due within the next 30 days.

In order to remediate, address the POAM item and/or add a new milestone that extends the SCD.

POAMs ready for closure (not on recent scan) – The number shown indicates the POAM items that have zero vulnerable assets. In other words, a recent scan has validated that the vulnerability no longer exists on the Asset, and therefore the POAM can be closed.

Uncredentialed Scans – This number indicates the Assets for which the most recent scan was uncredentialed. Clicking on the value will display the specific Assets that are identified. Scans are more accurate when credentialed, so when possible, they should be credentialed. By default, Ryskview requires all Assets to have credentialed scans, but this can be changed for specific Assets.

In order to reduce this number to zero, contact the Scanning Administrator and ensure that they have proper credentials to scan the Assets listed.

Alternatively, if there are Assets that are not expected to have credentialed scans such as certain medical devices, ICS/OT system components, or IoT, then the user can Edit the Asset properties and uncheck the “Require Credentialed Scans” attribute.

Unknown Asset Type – This number indicates the Assets that have not been categorized as a Type. Clicking on the value will open the Asset page and display only the Assets that are both uncategorized and fall within the responsibility of your role.

Categorizing the Asset Type is important both for asset management purposes and for Rysk Scoring. Asset Type is one of many components that help determine the Rysk Score.

Systems

The Systems tile provides information regarding System Authorizations and Compliance, as well as identifying the High Risk Systems. While there is nothing explicitly actionable, the goal is to provide a summary of information as well as highlight the High Risk Systems, so that the user will investigate and reduce the risk of these Systems. The High Risk value is hyperlinked so the user can click and see exactly which Systems are being identified.

A & A / Baseline / Deployment – This indicates the RMF Effort Type selected for these Systems.

Approved – These are the Systems that have a valid ATO Expiration date in the future.

ATO expires in less than 60 days – These are the Systems where the ATO expires within the next 60 days.

ATO Expired – These are the Systems where the ATO Expiration date has already passed.

Assets

The Asset tile identifies the different Asset Types, as well as the High Risk Assets.

The Asset Types are classified by the users of the application by going to the Assets page, editing one or more Assets, and selecting the correct Asset Type from the dropdown menu.

Operating Systems (OS)

The OS Tile lists the Operating Systems that are present, as well as identifying the High Risk Assets with specific Operating Systems.
