Content matrix

Version

Summary of content

Comments

1.18

GUI updates
Improvements for Industry Standards

Can be used with:

≥ 8.3.3

1.18.2

Resolved issues

Internal ID	Ticket ID	Summary	Affects Version/s
DASHBOARDS-2378	23542	Unable to access dashboard when SAML keystore is configured using SHA256 algorithm	1.16.0

Update

Dashboard supports the SAML Keystore file which is generated using the SHA256 algorithm

To generate a Keystore file with SHA256 algorithm:

keytool -genkey -alias <some-alias> -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 3650 -keystore <samlKeystore.jks>

1.18.0

Resolved issues

Internal ID	Ticket ID	Summary	Affects Version/s
DASHBOARDS-2233	23034	Unable to generate the AEP report through RG command line	1.16.0
DASHBOARDS-2362	23527	Tile "Application Components" is never loading	1.17.1
DASHBOARDS-2369	-	Fix console error on API fails	1.12.0
DASHBOARDS-2364	-	Application selector is missing in ED	1.18.0

Updates

What's New option added

In the left menu panel, an icon "What's New" has been added below the existing Help icon, enabling users to explore the latest released features.

Clicking the What's New icon will redirect to a special documentation page, which contains a brief of release showing the most important updates included in the current (and previous) releases:

CAST Security > 1.18 > What'sNewicon.png

Check for update option added

An option, Check for update has been added to the user profile drop down list for Admin users. Clicking the Check for update option will display a dialog box showing the current Dashboard version information, and whether a new version is available:

CAST Security > 1.18 > checkforupdate.png

CAST Security > 1.18 > SD_Checkforupdate2.png

CAST Security > 1.18 > SD_Checforupdate.png

Check for update option is available only for admin user.

Industry Standard tiles can be created in SD

It is now possible to create industry-standard tiles in the Security Dashboard to display a violation count. Tile can be configured for the following industry standards and their child business criteria:

Tile can be configured as below in ed.json file (formerly ced.json):

Drill down works well if the tile is configured with security metrics ( CISQ-Security or OMG-ASCQM-Security).

{
            "type": "IndustryStandards",
            "parameters":
            { "title": "CISQ Security", "id": "1062104" }  ,
            "color": "dark-blue",
                "col": 3,
                "row": 1,
                "sizex": 1,
                "sizey": 1,
                "max-sizex": 2,
                "max-sizey": 1
            },

CAST Security > 1.18 > SD_CISQ_violations.png

Clicking on the tile navigates to Risk Investigation page and the specified Industry Standard will be selected in the Health Factor table. This tile displays N/A if the application does not have data for industry standards and the clicking option is disabled in this case.

CAST Security > 1.18 > SD_CISQ.png

Navigate using Industry Standard compliance items

In the Risk investigation view, a filter has been added to list all Assessment Models that are present in the Dashboard schema. The default is set to "AIP Assessment Model" and this is always present. Users will have the option to switch to a different Assessment Model if they have installed one of the available Industry Standard extensions:

The drop-down list will be disabled if no Industry Standard extensions are installed and will instead only show the "AIP Assessment Model".

OWASP will be supported in a future release.

Example showing AIP Assessment Model and additional Assessment Models from Industry Standard extensions:

Click to enlarge

CISQ Assessment Model selected:

Click to enlarge

As a result of the changes described above, the existing Module and Technology filters have been moved to a collapsible menu:

CAST Security > 1.18 > SD_AIPAssesment3NEW.png