What’s New in Our Latest Version of SD Elements (January 2019 — June 2019)

June 17, 2019

Our policy-to-execution platform, SD Elements, is regularly updated by our in-house research and SD Elements development team at Security Compass. We continuously release new versions of SD Elements, offering users updated content and functionalities to use within our platform. Our process of releasing new versions of SD Elements is done to ensure that our platform meets and anticipates users’ needs, based on their feedback and experience with our product. Below, we review the specifics of what has been improved in SD Elements throughout the last 4 releases.

4.23 (Latest Release): May — June 2019

Functionality Updates

(i) Remote Integration Agent, Version 2

–This is a utility designed to help cloud-based SD Elements instances to synchronize with on-premise ALMs, verification tools, and Lightweight Directory Access Protocol (LDAP) directories. The SD Elements integration process normally requires direct network access to the server it’s integrating with. In such a case, the server is accessible to SD Elements. If a server is hosted in a different network or restrictions prevent direct communication, then the server is inaccessible to SD Elements. Using the Remote Integration Agent, SD Elements can integrate with systems hosted on a different network.

(ii) Enhanced Pivotal Tracker Integration

–Pivotal Tracker is one of the Application Lifecycle Management integrations supported within SD Elements. It’s a development workflow tool.

–SD Elements users can now map a status in Pivotal Tracker to a custom task status in SD Elements (e.g., they can map an “In Progress” Pivotal Tracker task status to an “In Progress” SD Elements task status). This offers more visibility into different task statuses.

(iii) LDAP Group Mapping Improvements

–SD Elements LDAP Synchronization allows organizations to leverage their LDAP repository so that they can manage the list of active users as well as their group membership in SD Elements.

–LDAP administrators are now able to use the SD Elements APIs to update the group mappings in their organizations, without having to reload the entire mapping data. This allows them to keep their group mappings up-to-date without encountering timeouts, mapping size limitations, and sync conflicts.

Content Updates:

–Improved SD Elements tasks based on SonarQube mappings and findings (WebbApp, PHP, Java)

–New Angular content (tasks, how-tos, and amendments)

–New AWS Lambda content (tasks, how-tos, and amendments)

4.22 Release: March-May 2019

Content Updates:

–New Just-in-Time-Training content, including Defending Java, Defending Mobile, Defending C, Defending Django, GDPR for Developers, OWASP Top 10 2017, PCI SSL C, and PCI DSS

–Added content for Microsoft SQL server, based on CIS benchmarks (tasks, how-tos, and amendments)

4.21 Release: February — March 2019

Functionality Updates:

(i) Project Tasks Page Improvements

–Cleaned up the Project Tasks Page so that only the phases that actually contain tasks are visible in the user interface.

(ii) API Improvement

–Users can now update their SD Elements survey answers in bulk via the Survey Draft API endpoints.

Content Updates:

–Improved content for industrial control systems based on ISA 62443–4–2

–Improved web application content (added defense for Server Side Request Forgery and content for the security of Node.js modules)

4.20 Release: January — February 2019

Functionality Updates:

(i) Sticky Additional Requirements

–Users can drag and drop the Additional Requirements of a task. This allows them to re-order select requirements within a task for greater visibility.

(ii) ALM Integration

–Users can now add support for story issue types in IBM Rational Team Concert connections. That is, story issues are now syncing with relevant tasks in SD Elements.

Content Updates:

–Updated CWE entries to CWE 3.2

–Added ANSI/ISA-62443, Part 4–2 (Technical security requirements for IACS components) content, description, and mappings were revised and updated based on the latest (August 2018) version of the standard.

–Added NIST 800–171 compliance regulation report

–Added content for message throttling in RESTful APIs

To learn more about SD Elements, contact us here: https://www.securitycompass.com/sdelements/

Previous Article
Shifting the Paradigm for Connected Car Security
Shifting the Paradigm for Connected Car Security

Learn about the security required for connected cars.

Next Article
Building a Cybersecurity Program for Industrial Control Systems
Building a Cybersecurity Program for Industrial Control Systems

Industrial control systems have evolved considerably over the last few years as a result of increased conne...

Learn how you can use SD Elements to integrate security into software development.

Watch Video