The iboss Zero Trust Secure Service Edge provides resource tags that are used to label resources and organize them by type and category. There are a large number of built-in resource tags and categories that can organize resources by department or functional area within an organization. Additionally, custom tags and categories can be created to ensure resources can be organized for any type of scenario or organization. Labeling resources with tags provides a central repository for all resources that is clearly organized and can be used for risk assessments or executive leadership presentations.
Classify resources by security objectives and impact levels according to FIPS 199
Each resource tag is associated with three security objectives, each with an impact level of low, moderate or high. The three security objectives match the definitions provided in NIST FIPS 199.
The three security objectives are:
- Confidentiality – Relates to unauthorized disclosure or data loss
- Integrity – Relates to the destruction of data or services
- Availability – Relates to the impact of interruption to a service or access to data
For each security objective, an impact level is assigned either a low, moderate or high rating, depending on the impact to the organization if that security objective was affected. By labeling resources, security objectives and impact levels are automatically assigned which provides a clear understanding of the landscape that needs to be protected.
Once resources are labeled, the iboss Zero Trust Secure Service Edge automatically creates the reports that present resources by type, category, security objective and impact level. The reporting dashboards can be filtered to show how resources interact with users and assets. Additionally, the reporting dashboards show the number of accesses and risk scores for the resource. This information is made possible by leveraging the labels whenever users and assets interact with protected resources.