Posture Management Controls Configuration

Learn how to configure posture management controls for increased security of your system.

Written By Davit Asatryan (Administrator)

Updated at May 2nd, 2024

To begin working on controls recommended by SpinOne, head to Posture Management from the left panel and click on Controls from the dropdown.

You'll notice that each control has some information around it.

 

Control Breakdown

  1. Severity - Criticality of the control (high, medium, low, info)
  2. Control - Subject and description of the control
  3. Status - Current completion status of the control
  4. Points Achieved - Number of points earned from the control and based on its completion progress, customers can earn all, partial, or no points
  5. Control User/Global Type - Indication of whether the control can be addressed by an individual user or by an administrator
  6. Control Monitor Type - Indication of whether the control is automatically monitored by the SpinOne platform or is manually monitored by the customer 
  7. Category - Security category the control belongs in

 

Control Overview

Clicking on each control opens up more information and actions you can take.

  1. Description - a more detailed explanation of the control and potential issues if not configured correctly
  2. Insights - information on assets that meet or do not meet parts of the control
  3. Actions - detailed explanation on how to configure the control correctly
  4. Manage & Share - ability to change status or share control to an integration (explanation below)

 

Manage & Share

Manage allows you to change the status of the control. Depending on whether the control is automatically or manually monitored, the following control statuses are available:

  • Automated Monitoring - Control is automatically monitored by the SpinOne platform
  • Pass - Control is addressed and fully implemented
  • Alternative Resolution - Control is addressed and fully implemented through alternative methods
  • Risk Accepted - Control is not addressed or implemented but the imposed risk has been accepted
  • To Address - Control is not addressed or implemented at all
  • Suppressed - Control is not relevant 

To change the control status, customers must include their reasoning by adding a note.

Share allows you to share the control to Email, Jira, & ServiceNow integrations. This allows you to assign the control to different departments within the organization by creating a ticket for them, or acts as a way to notify End Users of changes need to be made from their end.

Was this article helpful?