Importing Assessment Results
Importing Assessment Results Ryskview can import results of ANY assessment. By utilizing the Ryskview Assessment Import Template (link below), you can cut and paste the results of any manual or automated assessment into the template for easy import. Download Template Once the template is populated, log into Ryskview. On the menu bar, select “Nessus”, then […]
Controls Assessment
Introduction The Controls Assessment Feature provides users the ability to track their compliance within DoD CCI or another type of framework. Users can access the controls assessment tab from the Systems page by selecting the action button of the preferred system, selecting view, and selecting the Controls Assessment tab. Select the framework dropdown menu in […]
Issuances
Ryskview tracks issuances directed by the DoD for users to quickly identify and remediate vulnerabilities to comply with DoD guidelines. The Information Assurance Vulnerability Management (IAVM) is a DoD program that aims to maintain the security posture of DoD systems by identifying, mitigating, and monitoring vulnerabilities. The Issuance dashboard lists the IAVMs and other DoD […]
Vulnerability Scans – Manual Import
Ryskview accepts vulnerability scan imports from Tenable Security Center. The initial scan import is a critical step in the process as it will associate the imported assets with the correct system. For the initial scan import, the scan should be system specific. For example, a medical system scan should have its own scan, which is […]
Exporting .csv Files
Ryskview allow the user to export comma separated value files (.csv), which the user can use to gain more insight on their systems/assets. csv Files can be exported from the Scan Data page or from any report page. Dashboard > Scan Data Exports On the scan data page, users can export all data for all […]
Mitigation Library
In a POAM, there is a tab called Mitigations. This is a space where the user (typically SA or ISSO) can specify the mitigations that reduce the risk of the vulnerability. In an ideal world, all SA and ISSO would be technical experts on vulnerabilities and mitigations. But this is not an ideal world and […]
Add a Vulnerability to a POAM
Local guidelines may differ; however, you will typically Add to POAM when: A vulnerability is past due A vulnerability will not be fixed within a reasonable time frame A vulnerability is a false positive SA requests Risk Acceptance Management needs additional information on a high visibility vulnerability Ryskview does not allow the same POAM vulnerability […]
POAM Task Queue
Overview Home screen containing POAM Actions, or vulnerabilities, assigned to you in which you can: Task Queue features Users can filter the POAMs shown based on the above 3 factors. Selecting the Past Due checkbox will display the POAMs that are past their scheduled completion date. Selecting the Ready for closure checkbox will display POAMs […]
Scan Data
Scan Data shows all vulnerabilities that are directly from scans and have not been added to a POAM. Filter data by their Asset Type. Examples include desktops, laptops, IoT, switches, etc. Once you submit a POAM, the vulnerability will move from Scan Data to the Task Queue. Note: After data is imported, Ryskview will add […]