Risk assessment
The risk assessment report is a table of all the risk assessments and their calculated risk priorities.
Usage
You can create a risk assessment report by running the following command:
Example report
The report is provided as a table in HTML format. The following is a rendered example of the report, given a single risk assessment:
| RA001 | Prior | | | Residual | | |
|---|---|---|---|---|---|---|
| | Prob. | Severity | Detect. | Prob. | Severity | Detect. |
| | High | Medium | Medium | Low | Medium | High |
| Risk priority | High | | | Low | | |
| Description | Ipsem lorem dolor sit amet, consectetur adipiscing elit. | | | | | |
| Consequence | Morbi laoreet et purus gravida hendrerit. | | | | | |
| Mitigation | Praesent a magna condimentum. Mitigation requirement IDs: FR001. | | | | | |
Minimum risk priority threshold
You can set a minimum risk priority threshold for the report. This will make the report command exit with an exception if the residual risk priority is higher than the threshold.
The default threshold is `low`, which means that by default the report will fail if there are any risk assessments with a residual risk priority of `medium` or `high`.
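The following is an added example, not nydok's own code, showing how a residual-priority gate of this kind behaves. The two lookup tables follow a GAMP 5-style risk ranking and are an assumption (the page does not state how priorities are calculated); they reproduce the High and Low priorities in the example report above. The function names, the exception type and the RA002 entry are hypothetical.

```python
LEVELS = ("low", "medium", "high")  # ascending risk priority

# ASSUMED lookup tables (GAMP 5-style risk ranking); the page does not say
# how the tool calculates priorities, so treat these as illustrative.
RISK_CLASS = {  # (severity, probability) -> class, 1 is worst
    ("high", "low"): 2, ("high", "medium"): 1, ("high", "high"): 1,
    ("medium", "low"): 3, ("medium", "medium"): 2, ("medium", "high"): 1,
    ("low", "low"): 3, ("low", "medium"): 3, ("low", "high"): 2,
}
PRIORITY = {  # (class, detectability) -> risk priority
    (1, "high"): "medium", (1, "medium"): "high", (1, "low"): "high",
    (2, "high"): "low", (2, "medium"): "medium", (2, "low"): "high",
    (3, "high"): "low", (3, "medium"): "low", (3, "low"): "medium",
}


class ThresholdExceeded(Exception):
    """Hypothetical exception type for a failed report."""


def risk_priority(probability, severity, detectability):
    """Two-step lookup: severity x probability, then class x detectability."""
    p, s, d = (v.strip().lower() for v in (probability, severity, detectability))
    for value in (p, s, d):
        if value not in LEVELS:
            raise ValueError(f"unknown level: {value!r}")
    return PRIORITY[(RISK_CLASS[(s, p)], d)]


def check_threshold(assessments, threshold="low"):
    """Return {id: residual priority}; raise if any is above the threshold."""
    if threshold not in LEVELS:
        raise ValueError(f"unknown threshold: {threshold!r}")
    residual = {ra_id: risk_priority(*levels) for ra_id, levels in assessments.items()}
    failing = {k: v for k, v in residual.items()
               if LEVELS.index(v) > LEVELS.index(threshold)}
    if failing:
        raise ThresholdExceeded(f"above {threshold!r}: {failing}")
    return residual


# RA001 uses the residual levels from the example report; RA002 is constructed.
SAMPLE = {
    "RA001": ("Low", "Medium", "High"),    # probability, severity, detectability
    "RA002": ("Medium", "Medium", "Medium"),
}

if __name__ == "__main__":
    print(check_threshold(SAMPLE, threshold="medium"))
```

With the default threshold the constructed RA002 entry makes the check raise; raising the threshold to medium lets both entries pass.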
To adjust the accepted risk priority threshold, use the `--nydok-risk-priority-threshold` option: