View Source

Description

The Security Traceability (Sc-Tr) domain depicts the mapping of a risk to each of the following: risk owner, risk mitigations, and affected asset roles.

Implementation

The Security Traceability (Sc-Tr) domain is represented by:

Security Controls to Risks Mapping Matrix shows which operational or resource asset roles mitigate risks.
Risks to Assets Mapping Matrix shows which risks are applicable to Asset Roles.

Sample

UAF Plugin 2021x Refresh2 > Security Traceability > security_controls_to_risk_mapping.png

An example of the Security Controls to Risk Mapping Matrix

UAF Plugin 2021x Refresh2 > Security Traceability > risk_to_assets_mapping.png

An example of the Risks to Assets Mapping Matrix

Related procedures