Importing Assessment Results
Importing Assessment Results Ryskview can import results of ANY assessment. By utilizing the Ryskview Assessment Import Template (link below), you can cut and paste the results of any manual or automated assessment into the template for easy import. Download Template Once the template is populated, log into Ryskview. On the menu bar, select “Nessus”, then […]
Controls Assessment
Introduction The Controls Assessment Feature provides users the ability to track their compliance within DoD CCI or another type of framework. Users can access the controls assessment tab from the Systems page by selecting the action button of the preferred system, selecting view, and selecting the Controls Assessment tab. Select the framework dropdown menu in […]
History
Overview The History page show the list of events in the Ryskview application. There are three different types of event levels: Info, Warning and Error. Users can filter these events on the page through a few different methods: Users can select a range of dates in the top left corner. Users can search through the […]
Dependencies
Purpose Dependencies are an easy way of explaining why a POAM is necessary and what is needed to address the underlying risk. Each POAM can have one or more dependencies selected. These can be reported for a single System or multiple Systems. Use Cases If there are many POAMs open for database related risks, the […]
System Authorization
Ryskview includes a module for System Authorization. It can be accessed within a System Profile, by clicking on the Authorizations tab. New Authorization In order to start a new Authorization workflow, click “New Authorization”. Only the System ISSO can start a new workflow. Select the Authorization Type. Select the Controls Assessment that will […]
Authorization Matrix
Authorization Matrix The Authorization Matrix provides a unique visual understanding of Authorizations and relationships. It is a diagram that displays linked Systems. Each box represents a System within the Authorization Boundary. Box size is determined by the number of Assets in each System. The color is determined by the Rysk score severity. Green=Low, Yellow=Moderate, Red=High, […]
Issuances
Ryskview tracks issuances directed by the DoD for users to quickly identify and remediate vulnerabilities to comply with DoD guidelines. The Information Assurance Vulnerability Management (IAVM) is a DoD program that aims to maintain the security posture of DoD systems by identifying, mitigating, and monitoring vulnerabilities. The Issuance dashboard lists the IAVMs and other DoD […]
Permissions and Designations
Because Ryskview typically has sensitive data, users cannot create user accounts themselves. User accounts are created by an Application Administrator. Users have permissions, which govern what Program Offices and Systems are accessible to the user, and designations, which are the roles that a user may have for a Program Office of System. The combination of […]
Ryskview Structure
Ryskview organizes the hierarchy of information into three groups: Program Offices, Systems, and Assets. This structure allows users to properly outline the boundaries of their information systems and the responsibilities of each device that falls within them. Program Offices Program Offices are the highest tier in the hierarchy. They are typically a physical location where […]
System Summary Page
The system summary page provide more detailed metrics for the selected system. The image below show a compilation of data points, graphs, and tiles that give users more insight into their system’s risks factors. Here is a breakdown of each metric available under the system summary tab: