Guide to Adding a New Assessment Type for Evaluation

This guide provides a straightforward explanation of how to add a new assessment type within the EPM platform. This process involves retrieving, synchronizing, and evaluating assessment data to ensure compliance.

Overview

The assessment process in EPM is designed to evaluate compliance by analyzing specific data points. This involves three main steps:

1. Defining a responsibility: You will need to define a responsibility with a PLAN_ID which corresponds to your assessment results via the Content Mgmt UI.
2. Retrieving Assessment Results: Gather the most recent assessment data to ensure you have the latest information.
3. Evaluating Compliance: Determine the compliance status based on the synchronized data.

Steps to Add a New Assessment Type

0. Implement an assessment in Asset Readiness

See the documentation here:

• An introduction to Asset Readiness
• Contributing Controls to Asset Readiness Platform (ar-evaluator)

A key thing to keep in mind here is that the "Asset Class" being defined in AR (Asset Readiness) must match an already existing component in EPM. If no such a component exists. You will need to work with the EPM Team to get discovery added for such a component.

1. Define a Responsibility

You will need to define a responsibility of type instance assessment. See the content management guide for more help on this

2. Retrieve Assessment Results

Not much is required from you as a contributor in this step. We just need to make sure that EPM is able to correctly associate asset class and id to a specific component instance.

More work is needed here to ensure that EPM can match the asset ID to its concept of component instance Id.

Reach out to #help-enterprise-posture-management for support in this step.

3. Evaluate Compliance

Here, you need to either wait for our synch job to run. Usually takes around 24 hours. Otherwise, if you want to kick it off manually. Reach out to #help-enterprise-posture-management

Key Considerations

• Data Accuracy: Ensure that the assessment data is accurate and up-to-date to reflect the true compliance status.
• Component Alignment: Verify that assessments are correctly aligned with the appropriate components and responsibilities.
• Automation: The process is largely automated, but it’s important to understand how data flows through the system.

Support

If you encounter any issues or need further assistance, please reach out to the #help-enterprise-posture-management slack channel for support.