Controls are security safeguards and configurations to manage, mitigate, or counteract the threats and risks to an organization’s security. To view and address security controls recommended by SpinOne, navigate to Posture Management from the left panel and click on Controls from the dropdown.
- Severity - Criticality of the control (high, medium, low, info)
- Control - Subject and description of the control
- Status - Current completion status of the control
- Points Achieved - Number of points earned from the control and based on its completion progress, customers can earn all, partial, or no points
- Impact - The percent increase of the overall Posture Score once the control is completed
- Control User/Global Type - Indication of whether the control can be addressed by an individual user or by an administrator
- Control Monitor Type - Indication of whether the control is automatically monitored by the SpinOne platform or is manually monitored by the customer
- Category - Security category the control belongs in
Control Overview
Clicking on each control opens up more information and actions customers can take.
- Description - A detailed explanation of the control and potential issues if not configured correctly
- Insights - Relevant information of assets that meet or do not meet the control
- Actions - Detailed instructions on how to correctly configure the control
- Manage & Share - Ability to change status or share control to an integration (explanation below)
- Protected Users - The number of users currently protected by the control
Manage & Share
Manage allows customers to change the status of the control. Depending on whether the control is automatically or manually monitored, the following control statuses are available:
- Automated Monitoring - Control is automatically monitored by the SpinOne platform
- Pass - Control is addressed and fully implemented
- Alternative Resolution - Control is addressed and fully implemented through alternative methods
- Risk Accepted - Control is not addressed or implemented but the imposed risk has been accepted
- To Address - Control is not addressed or implemented at all
- Suppressed - Control is not relevant
To change the control status, customers must include their reasoning by adding a note.
Share allows customers to share the control to Email, Jira, & ServiceNow integrations. This allows the user to assign the control to different departments within the organization by creating a ticket for them, or acts as a way to notify End Users of changes they need to make from their end.