Description

The Security Traceability (Sc-Tr) domain depicts the mapping of a risk to each of the following: risk owner, risk mitigations, and affected asset roles.

Implementation

The Security Traceability (Sc-Tr) domain is represented by:

Sample

An example of the Security Controls to Risk Mapping Matrix

An example of the Risks to Assets Mapping Matrix