NCSC Cyber Asssessment Framework

Details
Content
Dependencies
Version History
Download With Dependencies

This pack contains an incident type and relevant fields to initiate a self-assessment against the National Cyber Security Centre's Cyber Assessment Framework. All assessment questions are sent via e-mail and the responses also sent via e-mail. The assessments can also be answered within the Cortex XSOAR platform.

PUBLISHER

Adam Burt

INFO

Supported By	Community
Created	January 27, 2021
Last Release	December 21, 2021

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Incident Fields

Name	Description
CAF Overall Result
CAF A Status
CAF B Status
CAF A Email	Enter the e-mail address of the person responsible for answering questions related to "Managing security risk"
CAF C Answers
CAF D Result Raw
CAF C Result Raw
CAF D Questions
CAF A Answers
CAF B Details
CAF B Email	Enter the e-mail address of the person responsible for answering questions related to "Protecting against cyber-attack"
CAF C Email	Enter the e-mail address of the person responsible for answering questions related to "Detecting cyber security events"
CAF D Status
CAF D Email	Enter the e-mail address of the person responsible for answering questions related to "Minimising the impact of cyber security incidents"
CAF B Achievement
CAF B Result
CAF A Achievement
CAF D Answers
CAF A Questions
CAF D Result
CAF B Questions
CAF C Achievement
CAF C Details
CAF B Result Raw
CAF D Achievement
NCSC Assessment Status
CAF C Result
CAF C Status
CAF B Answers
CAF A Details
CAF A Result Raw
CAF C Questions
CAF D Details
CAF A Result
CAF Regulator Email	The e-mail address of the regulator or assessor of this assessment

Playbooks

Name	Description
NCSC CAF Assessment	This playbook executes automatically as part of the NCSC Assessment Incident Type. It will send the relevant questions (via e-mail) to each participant and generate the assessment results.

Incident Types

Name	Description
NCSC CAF Assessment

Layouts

Name	Description
NCSC CAF Assessment

Automations

Name	Description
NCSCFieldProtection	This script protects the fields associated with the assessment from accidental modification.
NCSCReportDetails_A	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
EntryWidgetNCSCResultsA	This script populates results for the dynamic content shown in the incident layout.
NCSCReportOverview	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
NCSCReportDetails_D	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
EntryWidgetNCSCResultsB	This script populates results for the dynamic content shown in the incident layout.
EntryWidgetNCSCResultsC	This script populates results for the dynamic content shown in the incident layout.
NCSCReportDetails	This script generates the report details used in the final report. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
NCSCReportDetails_B	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
NCSCQuestionPopulate	Populate a list named "NCSC CAF Assessment" with a list of the NCSC Questions.
EntryWidgetNCSCResultsD	This script populates results for the dynamic content shown in the incident layout.
NCSCCalculateQuestionsScore	This script calculates the score based on the question and answer responses.
NCSCReportDetails_C	This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html

Report

Name	Description
NCSC Assessment	This if the final report generated when all CAF section questions are answered.

Pack Name	Pack By
GetServerURL	By: Cortex XSOAR
Base	By: Cortex XSOAR
CommonScripts	By: Cortex XSOAR
DemistoRESTAPI	By: Cortex XSOAR

1.1.2 - R2146019 (December 21, 2021)

Scripts

Multiple Scrips Changes:

Added reference to required permissions in automation's description and README.

NCSCReportOverview
NCSCReportDetails
NCSCReportDetails_A
NCSCReportDetails_B
NCSCReportDetails_C
NCSCReportDetails_D

Download

1.1.1 - 1959372 (November 16, 2021)

Incident Fields

CAF D Status
- Maintenance and stability enhancements.
CAF D Achievement
- Maintenance and stability enhancements.
CAF C Achievement
- Maintenance and stability enhancements.
CAF B Status
- Maintenance and stability enhancements.
CAF A Status
- Maintenance and stability enhancements.
CAF C Status
- Maintenance and stability enhancements.
CAF A Achievement
- Maintenance and stability enhancements.
CAF Overall Result
- Maintenance and stability enhancements.
CAF B Achievement
- Maintenance and stability enhancements.

Download

1.1.0 - 1882648 (November 2, 2021)

Scripts

Breaking Change The following breaking change applies for organizations that implement pre-set roles on their incidents:
DBotRole has been removed from these automations. This change will affect any playbook that is dependent on, or runs, these automations.
These automations will now run using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html

##### NCSCReportDetails_A
##### NCSCReportDetails_B
##### NCSCReportOverview
##### NCSCReportDetails
##### NCSCReportDetails_D
##### NCSCReportDetails_C

Download

1.0.3 - 7772209 (September 25, 2021)

Scripts

EntryWidgetNCSCResultsA

Updated the Docker image to: demisto/python3:3.9.7.24076.

EntryWidgetNCSCResultsB

Updated the Docker image to: demisto/python3:3.9.7.24076.

EntryWidgetNCSCResultsC

Updated the Docker image to: demisto/python3:3.9.7.24076.

EntryWidgetNCSCResultsD

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCCalculateQuestionsScore

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCFieldProtection

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCQuestionPopulate

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails_A

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails_B

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails_C

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportDetails_D

Updated the Docker image to: demisto/python3:3.9.7.24076.

NCSCReportOverview

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.0.2 - 7584045 (September 13, 2021)

Layouts

NCSC CAF Assessment

Updated the script IDs in the layoutscontainer-NCSC_CAF_Assessment to the relevant script IDs.

Download

1.0.1 - 394494 (July 8, 2021)

Scripts

NCSCReportDetails_D

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportDetails_B

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportDetails

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportOverview

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportDetails_C

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

NCSCReportDetails_A

Updated the script to execute using the DBot role.
Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

1.0.0 - 394234 (January 27, 2021)

This pack contains an incident type and relevant fields to initiate a self-assessment against the National Cyber Security Centre's Cyber Assessment Framework.

All assessment questions are sent via e-mail and the responses also sent via e-mail. The assessments can also be answered within the Cortex XSOAR platform.

Download