This repository has been archived by the owner on May 3, 2020. It is now read-only.
Request: NIST Naming Changes #555
Comments
|
Hi, Thanks for reporting this. The NIST800-30 scoring is the latest type of scoring to have been implemented in Serpico. The severity labels were simply reused from the other scoring methods. This is something that might not be that hard to change in the platform itself. In the meantime, you can use the solution posted in #501 to rename the problematic labels. |
|
Great idea, didnt think of that. That would work for most thing except the Likelihood ratings are missing 2 entries and there is the calculation in the helpers.rb file that calculates the risk based upon those two (Impact and Likelihood) ratings. Thanks. |
Merged
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Please fill out the Bug Form or Feature Request Below
Feature Request
Name NIST800 Impact, Likelihood and Overall Risk Ratings according to NIST800-30 publication: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
Currently the NIST800 Overall and Impact ratings include "Informational" and "Critical" and should be "Very Low" and "Very High" instead, respectively.
The Likelihood ratings missing "Very Low" and "Very High".
If there is a particular reason for this that I am unaware of, please let me know as clients viewing the NIST800 ratings are asking about why they deviate from the NIST800-30 publication's ratings.
Example Use Case
Would be great to generate reports with NIST800 scoring that correlate to the NIST800-30 publication above.
The text was updated successfully, but these errors were encountered: