A2V
Version 1.10.0 of the A2V Network was released February 23rd, 2023. Our focus for this version was to improve Fortress SBOM (Software Bill of Materials) module for suppliers to enhance their SBOM uploading and management experience, increase A2V access security and update our Cyber Hygiene dashboards.
Software Bill of Materials
Access Requests Management
A2V supplier admins can now manage user access requests for SBOMs directly via their Trust Center Access Requests Table and use the new Product and SBOM fields in the Document column to identify any request easily.
Products & SBOM Management Restrictions & Supported Product Logos formats
Products creation and management and SBOM upload and access management are now restricted to A2V supplier admins to allow only relevant users to manage their company's products & SBOMs. A helper text has been added to the product logo upload area when an unsupported format is uploaded to mention the supported formats for product logos i.e., jpg, jpeg & png.
Cyber Hygiene Reports Updates
A2V is getting ready to utilize Fortress new Cyber Hygiene scanner in an upcoming release so the Cyber Hygiene company profile pages have been updated to reflect the future data structure. The following sections have been removed:
-
- Information unavailable section of the DNA, SSL/TLS & App security tabs.
- Weak Ciphers section of the SSL tab.
- Vulnerabilities section of the app Security tab.
A2V Access Security
A2V now has increased controls on login and password requirements:
-
- A2V user password cannot be changed twice within 24 hours.
- A2V user previous passwords cannot be reused while resetting the password.
- A2V user passwords must be changed every 2 months.
- A2V will now display a logoff message when a user session is terminated.
Reports
Fortress reports application released a new version 1.34.0 on February 22nd and 23rd, 2023. The Security Risk Assessment (SRA) and the Data-Driven Product Assessment (DDPA) reports have been enhanced. All reports footers and disclaimers have been updated and a DDVA lite report called Open-Source Vendor Risk Illumination (OSVRI) was created.
SRA Report - Frameworks Enhancements
The SRA Framework summary section was updated to utilize related assessment findings instead of questions' answers to identify findings. Frameworks categories order is now configurable using Fortress Platform.
DDPA Report - Version 4
The DDPA report has been updated to version 4. The following changes were made to the report:
Framework Mapping Section
The framework Mapping Key table was updated and a note was added and a title was added for adherence gauges and the gauges names were updated.
Appendix
The Control Mappings table was updated with the new mapping.
Reports Footers & Disclaimers
All reports' footers were updated to "BUISNESS PROPRIETARY | FORTRESS INFORMATION SECURITY | NOT FOR REDISTRIBUTION" and the Disclaimer text of each report was updated to the latest version.