As part of the migration of the user interface to React we have been working hard on improving the Home Dashboard. This will become the go-to place to see an overview of all of your projects and will allow you to act on global insights.
This release includes an intermediary stage where the current Dashboard widgets have been migrated to the My Portfolio section. The “Threats assigned to me” and “Countermeasures assigned to me” tables can now be found under My Portfolio as well as the Portfolio Threats and Risk Summary. The Dashboard still has these tables as well as the Audit Log, but will be redesigned in a coming release. This means there will be a duplication in where those widgets are available until the new Home Dashboard is released.
The Projects list now shows you when threat models are being updated. While projects are being updated, certain actions for projects in the Projects page aren’t possible, for example deleting a project. Previously you had to go into a specific threat model to see if it was in the process of being updated. As of this release the “Module updated” column will show any threat models being updated with an “Updating model…” message.
Threats and Countermeasures
Over the past few releases we’ve made a number of improvements and additions to the filtering for threats and countermeasures. These included better multiple selection as well as more things to filter on.
To make clearing of selected filters easier we have introduced a new “Clear all filters” option to threats and countermeasures filters. It shows up when you have one or more filters selected.
Reporting and Analytics
Continuing with the improvements to the Compliance Report, we now include a fantastic new Compliance Summary section that shows charts of key compliance data. Each Standard reference shows the number of countermeasures across the compliance statuses.
In addition to this, custom fields for a project are now presented in all the default IriusRisk reports. This is especially useful for including organizational metadata about a project.
Managing user access and roles is a key part of any cybersecurity tool as roles and permissions need to match an organization’s internal structure and policies. IriusRisk provides a number of useful roles out of the box, but creating new custom roles has meant having to select every single permission that applies to that role.
As of this release you can now duplicate an existing role, including all of the existing permissions. For example, if you want to have two different types of DEVELOPER roles you can simply duplicate the default ROLE_DEVELOPER role, adjust the permissions as needed, and you’re done - no more having to select a ton of checkboxes!
In addition to this, as you can see in the above Roles screenshot, protected roles that cannot be changed or deleted now also show a locked padlock icon.
The PCI DSS library has been updated to include content for PCI DSS v4 and PCI SSS, including:
- One new component definition CD-PCI-APPROVED-POI-DEVICE that represents a payment device that interacts with the cardholder's card, along with a corresponding new risk pattern
- 10 new countermeasures from PCI-DSS v4.0
- 24 new countermeasures from PCI-SSS
- 29 countermeasures updated with new content from PCI-DSS v4.0
- PCI-DSS v3.2.1 added to new countermeasures to keep backwards compatibility
As of this release the PCI-DSS v4.0 standard will be applied automatically instead of PCI-DSS v3.2.1. Note that this implies that new countermeasures can appear in your previous models. If you want to prevent that you should lock the relevant threat models.
10 new GCP components have been added in this release, including:
- Google Cloud API Gateway
- Google Cloud VPN
- Google Cloud NAT
- Plus more!
For more information, see the Version 4.4 Release Notes.