Release 3.22.0

Published: December 25, 2022
Last updated: March 25, 2024

  • Security Requirements
    • Security mechanisms have been upgraded and renamed to security requirements.
    • Each security requirement can be divided into any number of specifications, which can be independently required, instead of fixed base-, enhanced-, and ultra-levels.
    • Requirement specifications can be required for and applied to objects depending on various conditions, e.g. security goals, handled information, tags, etc.
    • If an application has no connected devices or locations, requirements applicable to devices or locations are now propagated to and required at the organization providing the application. This differs from previous functionality, but should better reflect all requirements.
    • NOTE - this will affect the overall degree of fulfillment of security requirements and SOAs. If you have set goals on specific percentages of fulfillment, these goals will have to be recalibrated!
  • Supplier Reviews
    • Plan, perform and evaluate supplier reviews in ESM.
    • Supplier contact persons can answer a self-assessment questionnaire in an online portal via email invitation.
    • The self-assessment questionnaire for a supplier is automatically generated using security requirements that are required in ESM for that supplier. Statements made in the questionnaire are reflected in the fulfillment of these security requirements upon completion of the supplier review.
    • Supplier contact persons can invite other contact persons to collaborate in this self-assessment questionnaire.
    • New report showing ongoing and completed supplier reviews.
  • Performance Evaluations
    • It is now possible to evaluate the performance of a supplier using customizable performance criteria.
    • New report showing supplier performance evaluations.
  • SS-EN ISO/IEC 27002:2022
    • Added standard.
    • ISO/IEC 27002:2022 comes with a new type of categorization, which enables classification of security controls in standards according to cyber security concepts, information security goals, operational capabilities and security domains.
  • Various updates
    • A radar chart has been added to the security requirement report, displaying the distribution of security requirements in the five ISO cyber security concepts (Identify, Protect, Detect, Respond and Recover).
    • It is now possible to filter the security requirements report using tags, which will restrict the fulfillment of requirements to tagged objects.
    • The left sidebar menu that is used in various sections of ESM has received a minor facelift.
    • Subtypes have been added to devices and locations.
    • Contact details for an organization are now visible in a separate tab.
  • Minor bugfixes
    • Fixed a bug which caused an error when clicking on an index in an aggregated SOA report.
    • Fixed a bug where links to processes were sometimes created in the wrong process diagram.
    • The tooltip used in tables showing indirectly connected objects now works again.
    • Options in the left side navigation drop-down menu are now clickable using the full width of the menu.
    • The left sidebar menu is now also visible in the personal data report.
    • Statements made by a user subsequently deleted from ESM are now still shown as stated by that user.
    • The pie chart in the security requirement report is now updated when using a filter in the requirement table.
    • All filters in the security requirement report table should now be working correctly.