Security Posture Management Application Ingrid The Security Posture Management application is optimized for Security Posture Management (SPM) workflows. Use the App Switcher, located at the top of the left navigation menu, to toggle between applications. The context switcher dropdown, located in the top actions bar, allows you to select from your subscribed subsidiaries in your Rating Tree or your most recently viewed companies. The data on the functional pages is synced for that selected company. A subset of pages are available for Total Risk Monitoring or Risk Monitoring subscriptions. The context switcher may be blank if the page data is not driven off of a specific company's data. Navigation MenuUse the toggle, on the bottom left, to expand or collapse the menu at any time to get a wider view of the data.MenusDashboardMenu Icon: DashboardHighlights recent changes to your organization’s Bitsight Security Ratings and supporting data (e.g., ratings, new findings, and infrastructure changes).OrganizationMenu Icon: OrganizationView your ratings tree, access rating details of entities in your organization, and tools that showcase the rating. Company Details Company Details shows the selected company’s security rating overview and company information. Rating Details Rating Details provides a breakdown of the selected company’s risk, drilling into the individual risk vectors. Ratings Tree The Ratings Tree depicts your organization’s company hierarchy within the Bitsight platform. My Company List The My Company List shows any subscribed entity within the My Company. Subsidiaries Access Enterprise Analytics, which allows you to better understand your Ratings Tree, from the Subsidiaries page. Assessments Use the Assessments page to automatically assess your organization’s risk vector grades against control frameworks. Bitsight Badge Use the Bitsight Badge to share your My Company’s or primary’s Bitsight Security Rating with your customers, prospects, and stakeholders. Proactively sharing your rating increases transparency and showcases the strength of your cybersecurity performance program. FindingsMenu Icon: FindingsPrioritize, manage, and monitor risks in your external attack surface, including findings that affect the rating. Findings Table The Findings Table presents your findings, which are the culmination of observed internet traffic and configurations, and their details. This provides a single place to sort, filter, analyze, comment on, track remediation efforts, and export Bitsight findings. Issue Tracking The Issue Tracking page is remediation dashboard that provides an overview of the current state of your issue tracking process for one of your companies. Vulnerability DetectionVulnerability Detection shows vulnerabilities affecting your My Company and your My Subsidiaries.Attack SurfaceMenu Icon: Attack SurfaceDetails on your assets and their attribution to your company. Infrastructure Use the Infrastructure page to: See externally-facing infrastructure (Assets that are attributed to the organization). Report missing infrastructure. Set an end date for the association. Attack Surface Analaytics Attack Surface Analytics provides insight into your organization’s external digital footprint. Work From Home Use Work From Home to search for findings that might introduce risk to your organization via IP addresses. Cloud Infrastructure Sync Cloud Infrastructure Sync automatically updates your cloud IP footprint daily. Third Party Assets The Third Party Assets page shows third-party assets (IP addresses and domains), providing a resilient view of your extended attack surface. Action PlansMenu Icon: Action PlansKeep track of actions you are taking: Forecast how the rating for your company or subsidiary might change over time. See remediation steps that have the greatest impact on your overall rating. Access your Collaboration Inbox. Risk Remediation Use Risk Remediation to manage risk remediation plans (RRP). A plan lists and prioritizes findings that can be fixed to improve certain risk vector grades. Plans are designed to identify and remediate high-impact findings with the goal of reaching an A grade. Forecasting Forecasting generates a forecast to help you improve the rating. Subsidiary Improvement Subsidiary Improvement provides a guideline for prioritizing your remediation efforts, providing the magnitude of impact that the subsidiary/risk vector has on the parent rating. Control Insights Control Insights identifies gaps in security controls. Control Insights uses automatic, intelligent analysis of the already collected externally observable telemetry to generate insights on whether your security controls appear to be performing effectively or ineffectively. Financial Quantification Financial Quantification measures your organization’s financial exposure across various cyber events and impact scenarios. Peer ComparisonMenu Icon: Peer ComparisonCompare the currently selected subsidiary against companies you’ve chosen for benchmarking or for comparison against risk vectors. Peer Analytics Peer Analytics is your Peer Analytics dashboard, which provides an objective, data-driven comparison between companies and peer groups. Benchmarking Use Benchmarking to benchmark a specific group of companies against your organization, or if you have a My Subsidiary subscription, you can benchmark your subsidiaries. Risk Vectors Risk Vectors provides a detailed comparison of risk vector performance. CollaborationMenu Icon: CollaborationAddress collaboration invitations from third parties via the Client/Vendor Access Program. See details of your access, collaboration history, and the reasoning for the request to collaborate.AlertsMenu Icon: AlertsEase your workload with automated and customized notifications. Get alerted on specific security performance changes in your extended organization so you can take immediate action on ratings changes, infections, or vulnerabilities impacting your company or subsidiary. Configured Alerts Use Configured Alerts to review previously-defined SPM alerts and define new ones. Alert Logs Review triggered alerts in Alert Logs. It includes a table that displays details about each alert, including any findings associated with it. Infections Use Infections to get alerted on Botnet Infection events that occur within your company’s infrastructure. Identify infections as they occur, maintain business continuity, and better prioritize threats. Subsidiaries (Legacy) Subsidiaries is a legacy page. It is being replaced by Configured Alerts and Alert Logs. Monitor rating changes in your Ratings Tree. ReportsMenu Icon: ReportsSummarized security program status and trends for distribution to your board, team, key stakeholders, and subsidiaries. March 24, 2026: Security Posture Management rebrand. February 4, 2025: Third Party Assets page. October 28, 2024: Updated the menu sorting. See change details. October 21, 2024: More info about the context switcher. Related to security performance management Related articles SPM App: Dashboard Findings: Findings Table How are Bitsight Security Ratings Calculated? Action Plans: Risk Remediation Attack Surface: Infrastructure Feedback 0 comments Please sign in to leave a comment.