Track security exceptions #670

Open
ab-smith opened this issue Jul 19, 2024 · 1 comment
Comments

@ab-smith
Contributor

Problem statement

From an audit, risk assessment, or directly, I want to be able to track security exceptions. They are a variant of risk acceptance and can be useful to list items that are not going through RAF but are accepted drift, temporarily or permanently.

@ldelavaissiere

I have the same requirements. Audits and risk assessments should allow exceptions (e.g., where an audit point is partially compliant or where a residual risk is not satisfactory). IMHO, to be helpful, those exceptions should be based on action plans with (i) a description, (ii) an owner, (iii) a deadline, and (iv) a status.
(It does not seem to me that risk acceptances are variants of exceptions, given that the documentation says that "Risk acceptance is when an organization or individual decides to tolerate a certain level of risk without taking further action to reduce it." --> The tool should allow further actions to be tracked to reduce risks or compliance issues.)
