NCSC Cyber Asssessment Framework

Details
Content
Dependencies
Version History
Download With Dependencies

This pack contains an incident type and relevant fields to initiate a self-assessment against the National Cyber Security Centre's Cyber Assessment Framework. All assessment questions are sent via e-mail and the responses also sent via e-mail. The assessments can also be answered within the Cortex XSOAR platform.

PUBLISHER

Adam Burt

INFO

Supported By	Community
Created	January 27, 2021
Last Release	December 21, 2021

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Playbooks

Name	Description
NCSC CAF Assessment	This playbook executes automatically as part of the NCSC Assessment Incident Type. It will send the relevant questions (via e-mail) to each participant and generate the assessment results.

Automations

Name	Description
NCSCQuestionPopulate	Populate a list named "NCSC CAF Assessment" with a list of the NCSC Questions.
EntryWidgetNCSCResultsC	This script populates results for the dynamic content shown in the incident layout.
NCSCFieldProtection	This script protects the fields associated with the assessment from accidental modification.
NCSCReportDetails_A	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
NCSCReportOverview	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
NCSCReportDetails	This script generates the report details used in the final report. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
NCSCReportDetails_C	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
NCSCCalculateQuestionsScore	This script calculates the score based on the question and answer responses.
EntryWidgetNCSCResultsD	This script populates results for the dynamic content shown in the incident layout.
EntryWidgetNCSCResultsA	This script populates results for the dynamic content shown in the incident layout.
NCSCReportDetails_D	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
EntryWidgetNCSCResultsB	This script populates results for the dynamic content shown in the incident layout.
NCSCReportDetails_B	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html

undefined

Name	Description
NCSC Assessment	This if the final report generated when all CAF section questions are answered.

Layouts

Name	Description
NCSC CAF Assessment

Incident Types

Name	Description
NCSC CAF Assessment

Incident Fields

Name	Description
CAF C Answers
CAF A Answers
CAF B Result
CAF Overall Result
CAF D Result
CAF C Questions
CAF C Details
CAF Regulator Email	The e-mail address of the regulator or assessor of this assessment
CAF C Email	Enter the e-mail address of the person responsible for answering questions related to "Detecting cyber security events"
CAF B Achievement
CAF A Result Raw
CAF A Email	Enter the e-mail address of the person responsible for answering questions related to "Managing security risk"
CAF B Email	Enter the e-mail address of the person responsible for answering questions related to "Protecting against cyber-attack"
CAF C Status
CAF A Achievement
NCSC Assessment Status
CAF A Status
CAF D Status
CAF C Result Raw
CAF B Answers
CAF B Result Raw
CAF B Details
CAF D Details
CAF A Result
CAF A Details
CAF D Email	Enter the e-mail address of the person responsible for answering questions related to "Minimising the impact of cyber security incidents"
CAF B Status
CAF D Result Raw
CAF C Achievement
CAF D Questions
CAF C Result
CAF D Achievement
CAF D Answers
CAF A Questions
CAF B Questions

Pack Name	Pack By
CommonScripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
GetServerURL	By: Cortex XSOAR
DemistoRESTAPI	By: Cortex XSOAR

1.1.2 - R2146019 (December 21, 2021)

Scripts

Multiple Scrips Changes:

Added reference to required permissions in automation's description and README.

NCSCReportOverview
NCSCReportDetails
NCSCReportDetails_A
NCSCReportDetails_B
NCSCReportDetails_C
NCSCReportDetails_D

Download

1.1.1 - 1959372 (November 16, 2021)

Incident Fields

CAF D Status
- Maintenance and stability enhancements.
CAF D Achievement
- Maintenance and stability enhancements.
CAF C Achievement
- Maintenance and stability enhancements.
CAF B Status
- Maintenance and stability enhancements.
CAF A Status
- Maintenance and stability enhancements.
CAF C Status
- Maintenance and stability enhancements.
CAF A Achievement
- Maintenance and stability enhancements.
CAF Overall Result
- Maintenance and stability enhancements.
CAF B Achievement
- Maintenance and stability enhancements.

Download

1.1.0 - 1882648 (November 2, 2021)

Scripts

Breaking Change The following breaking change applies for organizations that implement pre-set roles on their incidents:
DBotRole has been removed from these automations. This change will affect any playbook that is dependent on, or runs, these automations.
These automations will now run using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html

##### NCSCReportDetails_A
##### NCSCReportDetails_B
##### NCSCReportOverview
##### NCSCReportDetails
##### NCSCReportDetails_D
##### NCSCReportDetails_C

Download

1.0.3 - 7772209 (September 25, 2021)

Scripts

EntryWidgetNCSCResultsA

Updated the Docker image to: demisto/python3:3.9.7.24076.

EntryWidgetNCSCResultsB

Updated the Docker image to: demisto/python3:3.9.7.24076.

EntryWidgetNCSCResultsC

Updated the Docker image to: demisto/python3:3.9.7.24076.

EntryWidgetNCSCResultsD

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCCalculateQuestionsScore

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCFieldProtection

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCQuestionPopulate

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails_A

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails_B

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails_C

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails_D

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportOverview

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.0.2 - 7584045 (September 13, 2021)

Layouts

NCSC CAF Assessment

Updated the script IDs in the layoutscontainer-NCSC_CAF_Assessment to the relevant script IDs.

Download

1.0.1 - 394494 (July 8, 2021)

Scripts

NCSCReportDetails_D

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportDetails_B

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportDetails

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportOverview

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportDetails_C

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportDetails_A

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

1.0.0 - 394234 (January 27, 2021)

This pack contains an incident type and relevant fields to initiate a self-assessment against the National Cyber Security Centre's Cyber Assessment Framework.

All assessment questions are sent via e-mail and the responses also sent via e-mail. The assessments can also be answered within the Cortex XSOAR platform.

Download