An organization wants to apply a standard (e.g., PCI DSS v 4.0) to all threat models and does not want users to have to manually select a standard for moving countermeasures from the recommended to required status.
Required permission sets -
Configuring this use case requires access to the rules engine and the ability to edit rules in the rules engine.
- Navigate to the rules engine.
- Select the library that this rule should be saved to
- Provide a name for this new rule (e.g., "Apply Standard to All")
- Set the module to "Component"
- Leave the condition field blank
- Insert the condition "Apply Security Standard" and then select from the dropdown the respective security standard.
- If additional standards are needed, they can be added by adding additional action statements below the one previously added.