Features
- [DRA-382] - Added a new option to reset diagram changes to the latest synced version.
- [DRA-585] - Added new icons for Docker component definitions.
- [DRA-600] - Improved performance of the Import template process.
- [INR-240] - Added the "Top 10 countermeasures with higher impact" widget to the home dashboard.
- [INR-241] - Show on the compliance report the reason for Rejected and N/A countermeasures.
- [INR-324] - Added a link in the Home Dashboard to get user feedback on the top ten countermeasures with highest impact.
- [OPT-98] - Updated some AWS component icons for the CF and TF mapping files.
- [OPT-249] - Improved the message shown for an invalid IaC file in the core.
- [OPT-284] - Process Terraform modules as IriusRisk components.
- [RT-473] - Standardized the nomenclature of menu items.
- [RT-351] - Configure issue trackers at the countermeasure level.
Bug Fixes
- [DRA-495] - Apply template changes to projects unable to handle new dataflows
- [DRA-506] - Fixed the TimeFormatter error.
- [DRA-644] - Create project submenu action is not working properly
- [DRA-652] - Users without permissions can create projects on an empty list on the dashboard
- [INR-316] - Hide the login button in Knowi when the user is not an admin
- [MSR-569] - Properly return error details when creating a new library by API fails
- [MSR-669] - Unexpected error upon creating a second action 'Insert Notification' in module Main
- [MSR-696] - Unexpected error creating a project with 'Modify mitigation value' rule when the library does not exist upon importing/deleting it
- [OPT-251] - Problems parsing CloudFormation short form of built-in functions
- [OPT-372] - Revert some IaC mapping types
- [RT-480] - The component name is displayed as 'null' when 'debug rules' is checked in the Architecture questionnaire.
- [RT-543] - Threat filters are not being updated correctly
- [RT-558] - Wrong label in settings window for project/component on the Community version
- [RT-627] - Add PRODUCT_COUNTERMEASURE_SETTINGS_UPDATE permission to FULL_ACCESS_USER, DEVELOPER and RISK_MANAGER role users
- [RT-631] - Error when creating multiple tickets in Jira Cloud from Countermeasures
- [RT-641] - Unable to import template
Hot Fixes included
API Changes
New Knowledge-base Content
Content Review
- CON-962: Complete NIST 800-190 standard adding the missing countermeasures.
  - Added 6 new countermeasures from NIST 800-190 + 1 Threat + 1 Weakness + 2 new components:
    - Docker Registry
    - Docker Client
Security Standards updates
- CON-963: Complete the OWASP Container Security Verification Standard (CSVS) and refactor the Docker CIS benchmark.
  - Added 37 new countermeasures from the OWASP Container Security Verification Standard (CSVS).
  - Fixed Docker CIS Benchmark levels to be hierarchical.
  - Fixed minor grammatical issues.
  - Removed duplicated controls detected in the same threat.
Security content refactors
- CON-1308: Extend the "GDPR Privacy Tab" to all components.
- CON-1300: Grouped related countermeasures to reduce the output in Docker & Kubernetes components.
- CON-1096: Docker CIS Benchmark and Kubernetes CIS Benchmark levels have been refactored to be hierarchical.
Cloud components
- CON-1302: Included former name of some Azure and AWS components
Detailed changelog ([N]ew/[E]dited/[D]eleted)
- Threats
  - [E] DOCKER-WIDE-ATTACK-SURFACE-CONTAINER-COMMUNICATION ["desc"]
  - [E] CAPEC-122-DOCKER-DAEMON-CONFIG-FILES ["desc"]
  - [E] OWASP A6:2017-LINUX ["desc"]
  - [E] CAPEC-94-IMAGES-BUILD-FILES ["desc"]
  - [E] OWASP A6:2017-DOCKER-DAEMON-CONFIG ["desc"]
  - [E] CAPEC-125-CONTAINER-RUNTIME ["desc"]
  - [E] CAPEC-157-IMAGES-BUILD-FILES ["desc"]
  - [E] CAPEC-122-DOCKER-CONTAINER-RUNTIME ["desc"]
  - [E] CAPEC-125-LINUX ["desc"]
  - [E] CAPEC-37-CONTAINER-RUNTIME ["desc"]
  - [E] OWASP A6:2017-DOCKER-SWARM ["desc"]
  - [E] CAPEC-157-DAEMON ["desc"]
  - [E] CAPEC-122-DOCKER-SWARM ["desc"]
  - [E] CAPEC-94-SWARM ["desc"]
  - [E] CAPEC-122-DOCKER-IMAGES-BUILD-FILES ["desc"]
  - [E] CAPEC-37-IMAGES-BUILD-FILE ["desc"]
  - [E] OWASP A10:2017-DAEMON ["desc"]
  - [E] CAPEC-157-SWARM ["desc"]
  - [E] OWASP A6:2017-DOCKER-IMAGES-BUILD-FILES ["desc"]
  - [E] DOCKER-WIDE-ATTACK-SURFACE-DAEMON ["desc"]
  - [E] CAPEC-125-DAEMON ["desc"]
  - [E] CAPEC-37-CONTAINER-COMMUNICATION ["desc"]
  - [E] CAPEC-122-DOCKER-LINUX ["desc"]
  - [E] CAPEC-122-DOCKER-DAEMON-CONFIG ["desc"]
  - [E] DOCKER-WIDE-ATTACK-SURFACE-CONTAINER ["desc"]
  - [E] DOCKER-WIDE-ATTACK-SURFACE-SWARM ["desc"]
  - [E] OWASP A10:2017-LINUX ["desc"]
  - [E] CAPEC-94-DAEMON ["desc"]
  - [E] CAPEC-122-DOCKER-CONTAINERS ["desc"]
  - [E] OWASP A6:2017-DOCKER-CONTAINER-RUNTIME ["desc"]
  - [N] INSUFFICIENT-LOGGING-MONITORING
  - [N] UNAUTHORIZED-ACCESS-CONTAINER-VOLUMES
  - [N] no-security-procedures-access-control
  - [N] insecure-default-configuration
  - [N] CAPEC-459
  - [N] UNAUTHORIZED-ACCESS-NETWORK
  - [N] CAPEC-39
  - [N] CAPEC-115
  - [N] CAPEC-130-01
  - [N] sec-vuln-dev-process
  - [N] LOSS-DATA-REMOVED
  - [N] UNAUTHZ-SERVICES-NOT-UPDATE
  - [N] T-NIST-800-190-01
- Weaknesses
  - [D] CWE-398
  - [E] CWE-324 ["desc"]
  - [D] CWE-524
  - [D] CWE-120
  - [D] CWE-485-PREPROD
  - [D] MOB-DATA
  - [N] CWE-653
  - [N] CWE-654
  - [N] lack-automated-vuln-identification
  - [N] CWE-295
  - [N] CWE-494
  - [N] CWE-410
  - [N] CWE-909
  - [N] CWE-269
  - [N] CWE-665
  - [N] CWE-921
  - [N] NOT_BACKUP_POLICIES
  - [N] W-NIST-800-190-01
- Supported Standards
  - [N] nist-800-190
- Component Definitions
  - [N] CD-DOCKER-CLIENT
  - [N] CD-DOCKER-REGISTRY
  - [E] docker-container ["desc"]
  - [E] docker-linux-host ["desc"]
  - [E] CD-MICROSOFT-AZURE-DATABRICKS ["name"]
  - [E] CD-MICROSOFT-AZURE-MARKETPLACE ["name"]
  - [E] CD-MICROSOFT-AZURE-RELAY ["desc"]
  - [E] CD-MICROSOFT-AZURE-SYNAPSE-ANALYTICS ["desc"]
  - [E] CD-MICROSOFT-AZURE-WAF ["name"]
  - [E] CD-MEDIACONNECT ["desc"]
  - [E] CD-MEDIACONVERT ["desc"]
  - [E] CD-MEDIALIVE ["desc"]
  - [E] CD-MEDIAPACKAGE ["desc"]
  - [E] CD-MEDIASTORE ["desc"]
  - [E] CD-MEDIATAILOR ["desc"]
  - [E] elasticsearch ["desc"]
  - [E] kubernetes-cluster ["desc"]
  - [E] kubernetes-node ["desc"]
- Usecases
  - [N] ACCESS-CONTROL
- Controls
  - [E] D5.24 ["desc","steps"]
  - [D] D5.23
  - [E] D5.22 ["name","desc","steps"]
  - [E] D5.21 ["desc","steps"]
  - [E] D5.20 ["name","desc","steps"]
  - [E] D5.19 ["desc","steps"]
  - [E] D5.18 ["desc","steps"]
  - [E] D5.17 ["desc","steps"]
  - [D] D5.16
  - [D] D5.15
  - [E] D5.14 ["desc","steps"]
  - [E] D4.9 ["desc","steps"]
  - [E] D4.8 ["desc","steps"]
  - [E] D4.7 ["desc","steps"]
  - [E] D4.6 ["desc","steps"]
  - [D] D3.10
  - [E] D4.5 ["desc","steps"]
  - [D] D3.11
  - [E] D4.4 ["desc","steps"]
  - [E] D4.3 ["desc","steps"]
  - [E] D4.2 ["desc","steps"]
  - [E] D5.31 ["desc","steps"]
  - [E] D4.1 ["desc","steps"]
  - [D] D5.30
  - [E] D5.29 ["desc","steps"]
  - [E] D5.28 ["desc","steps"]
  - [E] D5.27 ["desc","steps"]
  - [E] D5.26 ["desc","steps"]
  - [E] D5.25 ["desc","steps"]
  - [E] D2.10 ["desc","steps"]
  - [E] D7.9 ["desc","steps"]
  - [E] D7.8 ["desc","steps"]
  - [E] D7.7 ["desc","steps"]
  - [E] D7.6 ["desc","steps"]
  - [D] D3.9
  - [E] D7.5 ["desc","steps"]
  - [D] D3.8
  - [E] D7.4 ["desc","steps"]
  - [D] D3.7
  - [E] D7.3 ["desc","steps"]
  - [E] D5.13 ["desc","steps"]
  - [D] D3.6
  - [E] D7.2 ["desc","steps"]
  - [E] D5.12 ["desc","steps"]
  - [D] D3.5
  - [E] D7.1 ["desc","steps"]
  - [E] D5.11 ["desc","steps"]
  - [D] D3.4
  - [E] D5.10 ["desc","steps"]
  - [D] D3.3
  - [E] D3.2 ["name","desc","steps"]
  - [E] D3.1 ["name","desc","steps"]
  - [E] D2.16 ["desc","steps"]
  - [E] D2.15 ["desc","steps"]
  - [E] D2.18 ["desc","steps"]
  - [E] D2.17 ["desc","steps"]
  - [E] D2.12 ["desc","steps"]
  - [E] D2.11 ["desc","steps"]
  - [E] D2.14 ["desc","steps"]
  - [E] D2.13 ["desc","steps"]
  - [E] D4.11 ["desc","steps"]
  - [D] D4.10
  - [D] D1.11
  - [D] D1.10
  - [D] D1.13
  - [D] D1.12
  - [E] D2.9 ["desc","steps"]
  - [E] D2.8 ["desc","steps"]
  - [E] D2.7 ["desc","steps"]
  - [E] D2.6 ["desc","steps"]
  - [E] D6.2 ["desc","steps"]
  - [E] D2.5 ["desc","steps"]
  - [E] D6.1 ["desc","steps"]
  - [E] D2.4 ["desc","steps"]
  - [E] D2.3 ["desc","steps"]
  - [E] D2.2 ["desc","steps"]
  - [E] D7.10 ["desc","steps"]
  - [D] D3.20
  - [D] D3.18
  - [D] D3.19
  - [D] D3.16
  - [D] D3.17
  - [D] D3.14
  - [D] D3.15
  - [D] D3.12
  - [D] D3.13
  - [D] D5.9
  - [E] D5.8 ["desc","steps"]
  - [E] D5.7 ["desc","steps"]
  - [E] D5.6 ["desc","steps"]
  - [E] D5.5 ["desc","steps"]
  - [D] D1.9
  - [E] D5.4 ["desc","steps"]
  - [D] D1.8
  - [E] D5.3 ["desc","steps"]
  - [D] D1.7
  - [E] D5.2 ["name","desc","steps"]
  - [E] D1.6 ["name","desc","steps"]
  - [E] D2.1.2 ["desc","steps"]
  - [E] D5.1 ["desc","steps"]
  - [E] D1.5 ["desc","steps"]
  - [E] D2.1.1 ["desc","steps"]
  - [E] D1.4 ["desc","steps"]
  - [E] D1.3 ["desc","steps"]
  - [E] D1.2 ["desc","steps"]
  - [E] D1.1 ["desc","steps"]
  - [N] C-CSVS-23
  - [N] C-CSVS-22
  - [N] C-CSVS-21
  - [N] C-CSVS-20
  - [N] C-CSVS-27
  - [N] C-CSVS-26
  - [N] C-CSVS-25
  - [N] C-CSVS-24
  - [N] C-CSVS-29
  - [N] C-CSVS-28
  - [N] C-CSVS-30
  - [N] C-CSVS-34
  - [N] C-CSVS-33
  - [N] C-CSVS-32
  - [N] C-CSVS-31
  - [N] C-CSVS-37
  - [N] C-CSVS-36
  - [N] C-NIST-800-190-01
  - [N] C-CSVS-35
  - [N] C-NIST-800-190-03
  - [N] C-NIST-800-190-04
  - [N] C-NIST-800-190-05
  - [N] C-NIST-800-190-06
  - [N] C-CSVS-01
  - [N] C-CSVS-05
  - [N] C-CSVS-04
  - [N] C-CSVS-03
  - [N] C-CSVS-02
  - [N] C-CSVS-09
  - [N] C-CSVS-08
  - [N] C-CSVS-07
  - [N] C-CSVS-06
  - [N] C-CSVS-12
  - [N] C-CSVS-11
  - [N] C-CSVS-10
  - [N] C-CSVS-16
  - [N] C-CSVS-15
  - [N] C-CSVS-14
  - [N] C-CSVS-13
  - [N] C-CSVS-19
  - [N] C-CSVS-18
  - [N] C-CSVS-17
  - [N] C-DOCKER-CLIENT-01
  - [N] C-NIST-800-190-02
- RiskPattern
  - [E] DOCKER-DAEMON-CONFIGURATION ["name"]
  - [N] RP-DOCKER-CLIENT
  - [N] RP-DOCKER-REGISTRY
- Rules
  - [N] Q: EU GDPR - All - PII - European Subjects
  - [D] Q: EU GDPR - All - PII - European Subjects (Client)
  - [D] Q: EU GDPR - All - PII - European Subjects (DataStore)
  - [D] Q: EU GDPR - All - PII - European Subjects (IoT Application)
  - [D] Q: EU GDPR - All - PII - European Subjects (IoT Mobile Application)
  - [D] Q: EU GDPR - All - PII - European Subjects (Mobile Device Client)
  - [D] Q: EU GDPR - All - PII - European Subjects (Service)