You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 3, 2020. It is now read-only.
Currently the NIST800 Overall and Impact ratings include "Informational" and "Critical" and should be "Very Low" and "Very High" instead, respectively.
The Likelihood ratings missing "Very Low" and "Very High".
If there is a particular reason for this that I am unaware of, please let me know as clients viewing the NIST800 ratings are asking about why they deviate from the NIST800-30 publication's ratings.
Example Use Case
Would be great to generate reports with NIST800 scoring that correlate to the NIST800-30 publication above.
The text was updated successfully, but these errors were encountered:
The NIST800-30 scoring is the latest type of scoring to have been implemented in Serpico. The severity labels were simply reused from the other scoring methods.
This is something that might not be that hard to change in the platform itself. In the meantime, you can use the solution posted in #501 to rename the problematic labels.
Great idea, didnt think of that. That would work for most thing except the Likelihood ratings are missing 2 entries and there is the calculation in the helpers.rb file that calculates the risk based upon those two (Impact and Likelihood) ratings. Thanks.
Please fill out the Bug Form or Feature Request Below
Feature Request
Name NIST800 Impact, Likelihood and Overall Risk Ratings according to NIST800-30 publication: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
Currently the NIST800 Overall and Impact ratings include "Informational" and "Critical" and should be "Very Low" and "Very High" instead, respectively.
The Likelihood ratings missing "Very Low" and "Very High".
If there is a particular reason for this that I am unaware of, please let me know as clients viewing the NIST800 ratings are asking about why they deviate from the NIST800-30 publication's ratings.
Example Use Case
Would be great to generate reports with NIST800 scoring that correlate to the NIST800-30 publication above.
The text was updated successfully, but these errors were encountered: