...
| | SEVERITY | | | |
---|---|---|---|---|
| | ACCEPTABLE | TOLERABLE | UNDESIRABLE | INTOLERABLE |
IMPROBABLE | | | | |
POSSIBLE | | | | |
PROBABLE | | | | |

Risk | Risk Type | Likelihood (Before Mitigation) | Severity (Before Mitigation) | Score (Before Mitigation) | Mitigation/Justification | Likelihood (After Mitigation) | Severity (After Mitigation) | Score After Mitigation |
---|---|---|---|---|---|---|---|---|
AIMS Platform security is compromised. | Product | Possible | Intolerable | Extreme | NIST and DAST Vulnerability Scans, | Improbable | Intolerable | Low |
Sensitive data is breached. | Product | Possible | Intolerable | Extreme | Sensitive data not stored: TES does not store sensitive data. This risk and impact analysis will be reviewed for any content updates. | Improbable | Intolerable | Low |
TES Content does not properly associate codes with conditions. | Product | Possible | Undesirable | High | Value Sets pulled from trusted, field-proven sources. New groupers curated and validated by RCKMS content team (experts). | Improbable | Undesirable | Low |
User cannot remember password. | Product | Probable | Acceptable | Medium | SMTP password reset | Improbable | Acceptable | Low |
Customers are unsatisfied with TES. | Business | Possible | Tolerable | Medium | | Improbable | Tolerable | Low |