Cyver Core provides compliance norms and checklists. Your organization can utilize these as-is, customize existing norms, or build your own. Click “Settings” in the left-hand menu in the Cyver Core portal, and then select, “Compliance norms”.
Edit or Update Existing Compliance Norms
1. Click on an Compliance Norm from the existing list
2. Click the blue “Actions” button in the top right corner to Edit or Delete the Norm
OR click on "..." from the list of Pentest Norms to Edit or Delete
Edit
Click “Edit” to move a Compliance Norm from Draft to Published or to unpublish back to draft. You can also update external links to audit norm sources or reference information.
- Click "Group Objectives" to manually add new Group Objectives
- Click "Tasks" to manually add new Tasks
Delete
Click “Delete” to remove the Compliance Norm from your list. You will have one confirmation popup. Important: At this time, there is no recycle bin or archive. Once deleted, Compliance Norms are gone for good.
Add Compliance Norms
Click the “+ New Compliance Norm” button in the mid-top right to create a new Compliance Norm. Manually add Control Groups and Tasks to proceed. New Compliance Norms default as “Draft” options, meaning they are not visible to Clients and cannot be used in Projects. This allows you to take time to build an Compliance Norm before publishing it.
Upload New Compliance Norms
- Click the “+ New Compliance Norm” button in the top right of the platform.
- Add a name, description, and code for your new Compliance Norm
- Click “Save”
- Select the newly created Compliance Norm from the list
- Click “Control Groups”
- Click “+ New Control Group”
Control Groups
Manually add Control Groups to a Pentest Norm.
Control Groups include:
- Control objective Code
- Name
- Description
- URL to source/reference
Click “...” on the far right of any existing Control Group to edit or delete
Pentest Checklists
Pentest Checklists can be created manually and linked to Control Groups. For this reason, it’s ideal to create Control Groups before moving on to Pentest Checklists.
Pentest Checklists are visible from the left-hand menu by clicking “Settings”, “Checklist Templates”. These include sets of Tasks, which are automatically linked to Pentests through Control Groups. From there, Pentesters assigned to the Pentest automatically receive Task assignments.
Checklist Templates are organized:
- Checklist (e.g., OWASP ASVS 4.0 L3)
- Task Group (e.g., Security Verification Requirements)
- Task (e.g., Verify cryptographic keys and certificates are unique to each device)
To build a new Checklist Template:
Click “+ New Checklist” to create a new Checklist.
This includes:
- Code
- Name
- Description
- Source Link/external reference
- Linked Control Objective
Click “...” on the right of any existing Checklist to edit or delete
To Add Tasks Groups:
- Click the newly created Checklist
- Click “Task Groups”
- Click “+ New Task Group”
- Add Data
To Add Tasks:
- Click the newly created Task Group
- Click “+ New Task”
- Add Data
New Checklists are automatically created in “Draft” status. This allows you to take time to build them before making them visible.
Once you're finished, click through to Part 4 of Getting Started: Setting Up Report Templates