Confirm risk-accepted and false positives issues with Dual-Control Principle

How to accept issues labelled as risk-accepted and false positive with the Dual-Control Principle feature

Table of contents

  1. Benefits of the Dual-Control Principle
  2. Enable the Dual-Control Principle
  3. Request for an issue update
  4. View request of issue update
  5. Get notified about your issue status request

1. Benefits of the Dual-Control Principle

To ensure that each issue is assigned the correct status, Autobahn Fit provides a Dual-Control Principle feature. When it is active, a user who wants to change an issue's status selects a peer to review the change, and the peer must approve each status update. Once activated, you will see an additional page listing your own review requests and all open requests within your organization.

Please note that the issue status remains unchanged until the reviewer has accepted the request. This gives admins a review cycle and oversight of user actions that lower the Hackability Score. Re-scans and other data ingestions (e.g. file uploads or integrations) still close issues automatically when the related vulnerabilities are not found again.

2. Enable the Dual-Control Principle

Only users with the Organization Owner role can activate this feature. To activate it:

1 - Click the Arrow button at the top of the page, then click the Settings button.

2 - On the Settings page, navigate to the Features tab. You will see options to enable the Dual-Control Principle for three different statuses:

  • False positive

  • Remediated

  • Risk accepted

3 - Click the toggle next to the status, then click the Update button to activate the feature.

4 - To check that the feature has been activated, click the Issues button in the menu; you should see a new page, Issue review.

This page is only visible if the Dual-Control Principle is enabled for at least one status.

3. Request for an issue update

Once the Dual-Control Principle feature is activated, you can request an issue update from the Individual issue, Issue details, Scan report, and Workout pages. To do this, follow these steps:

1 - On the Individual issues page or table, tick the checkbox of each issue whose status needs to be updated. Then click the Mark issue as button.

2 - A Request issue status change drawer should appear. Enter the reason for the request in the text field.

3 - Click the Choose a person to review dropdown, then select the peer to review your status update.

4 - Then click the Save button to send the request.

4. View request of issue update

After sending the request, you can view it on the Issue review page. The page consists of two tables. At the top of the page is the Open and Closed review requests table. This table is only available to users with the Admin or Owner role. Users with the General role can request an issue update but cannot be selected as a reviewer.

Below this table is the All Open Review Requests table. It lists all open requests within the organization and is visible to all user types.

5. Get notified about your issue status request

Once the Dual-Control Principle feature is activated, you will be notified by email each time your issue update request is accepted or rejected. To enable or disable this email notification:

1 - Navigate to the Settings page.

2 - Click the Notification tab. By default, the Dual-Control Principle notification is enabled. To disable it, click the checkbox, then click the Update button.
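The rules laid out in sections 2 to 5 (only an Organization Owner can enable dual control per status; a "Mark issue as" on a dual-control status becomes a review request and leaves the issue unchanged; only Admin or Owner users can review; the requester is notified of the outcome; re-scans still close issues automatically) form a small four-eyes state machine. The following Python model is an added example written for this page and is not Autobahn Fit's own code. The class and role names, the rule that a user cannot review their own request, the direct application of statuses that are not under dual control, the filtering of the top table to requests assigned to the viewer, and the superseding of a pending request when a re-scan closes its issue are assumptions of the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Role(Enum):
    GENERAL = "general"
    ADMIN = "admin"
    OWNER = "owner"


# The three statuses the Features tab lets an owner put under dual control.
DUAL_CONTROL_STATUSES = {"false_positive", "remediated", "risk_accepted"}
# Only Admin and Owner users can be chosen as reviewers.
REVIEWER_ROLES = {Role.ADMIN, Role.OWNER}


@dataclass
class User:
    name: str
    role: Role


@dataclass
class Issue:
    issue_id: str
    status: str = "open"


@dataclass
class ReviewRequest:
    issue: Issue
    requester: User
    reviewer: User
    new_status: str
    reason: str
    state: str = "open"  # open | approved | rejected | closed_by_rescan


@dataclass
class DualControlWorkflow:
    enabled_statuses: set = field(default_factory=set)  # toggled under Settings > Features
    requests: list = field(default_factory=list)
    notifications: list = field(default_factory=list)   # (requester, issue_id, outcome)

    def enable(self, actor: User, status: str) -> None:
        """Only an Organization Owner can enable dual control for a status."""
        if actor.role is not Role.OWNER:
            raise PermissionError("only an Organization Owner can enable dual control")
        if status not in DUAL_CONTROL_STATUSES:
            raise ValueError(f"dual control is not offered for status {status!r}")
        self.enabled_statuses.add(status)

    def mark_issue_as(self, issue: Issue, requester: User, new_status: str,
                      reason: str, reviewer: Optional[User] = None):
        """'Mark issue as': a status under dual control only creates a review request and
        leaves the issue unchanged; any other status is applied directly (assumption)."""
        if new_status not in self.enabled_statuses:
            issue.status = new_status
            return None
        if reviewer is None:
            raise ValueError("choose a person to review this status change")
        if reviewer.role not in REVIEWER_ROLES:
            raise PermissionError(f"{reviewer.name} has the General role and cannot review")
        if reviewer.name == requester.name:  # assumption: no self-approval
            raise PermissionError("a user cannot review their own request")
        req = ReviewRequest(issue, requester, reviewer, new_status, reason)
        self.requests.append(req)
        return req

    def decide(self, request: ReviewRequest, actor: User, approve: bool) -> None:
        """Only the chosen reviewer decides; the status changes on approval only, and the
        requester is notified of either outcome (the e-mail from section 5)."""
        if request.state != "open":
            raise ValueError("request has already been decided")
        if actor.name != request.reviewer.name:
            raise PermissionError("only the selected reviewer can decide this request")
        if approve:
            request.issue.status = request.new_status
        request.state = "approved" if approve else "rejected"
        self.notifications.append((request.requester.name, request.issue.issue_id, request.state))

    def ingest_rescan(self, issues: list, still_present: set) -> None:
        """A re-scan or other data ingestion closes issues whose vulnerability was not
        found again, regardless of any pending review request."""
        for issue in issues:
            if issue.issue_id not in still_present:
                issue.status = "closed"
        for req in self.requests:  # assumption: a pending request on a closed issue is superseded
            if req.state == "open" and req.issue.status == "closed":
                req.state = "closed_by_rescan"

    def my_review_table(self, viewer: User) -> list:
        """Top table of the Issue review page (Open and Closed): Admin/Owner only.
        Assumption: it shows the requests assigned to the viewer."""
        if viewer.role not in REVIEWER_ROLES:
            raise PermissionError("the Open/Closed review table is not shown to General users")
        return [r for r in self.requests if r.reviewer.name == viewer.name]

    def all_open_requests(self) -> list:
        """Bottom table of the Issue review page: every open request, visible to all users."""
        return [r for r in self.requests if r.state == "open"]
```

The point worth checking in any real implementation is the one `mark_issue_as` and `decide` encode together: the requester's action never touches `issue.status`; only the reviewer's approval does, and a General user can neither be selected as reviewer nor approve.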