Attestation enables your organisation to quickly and easily communicate its cybersecurity posture to potential customers, interested third parties, and the world at large. The OpenCASE framework provides a simple visual method to show how far your organisation has progressed on its OpenCASE implementation journey, using an Attestation Badge. The attestation badge uses colour codes to indicate which Implementation Level has been achieved for each of the 11 Priorities, as per the completion criteria defined in the SPECIFICATION:
How does OpenCASE Attestation work?
OpenCASE is a self attested framework. This means that users assess and attest to their own adherence to the framework. Practically speaking, this means attestation is a two step process:
- Assess your organisation’s current implementation state according to the completion criteria in the SPECIFICATION. A Self assessment spreadsheet is provided as part of the framework to facilitate this.
- Create an attestation badge which reflects the results of your self assessment. See below for instructions.
- Share your attestation badge with your desired audience. You can publish it public on website or in email signatures if you want to proudly proclaim your accomplishment, or you can keep it in your back pocket to share privately with customers, partners, and other third parties that ask about your cybersecurity posture and capabilities.
Performing an initial assessment.
When performing an initial current state assessment, there’s a good chance you’ll find that some priorities will already be completed, while others are lagging behind, resulting in an attestation badge that might look something like this:
However, remember that OpenCASE is intended to be implemented sequentially, so the idea is that your attestation should look more like the first example - especially if you have started from scratch (with every priority at 0 or 1). Keep this in mind when working out your implementation plan.
Creating an Attestation Badge
Currently, you will need to manually create your own Attestation Badge using the template in the images subdirectory of the repository. The template includes labelled colour samples for all Implementation Levels which can be used with a colour picker tool (eye dropper) and then used to with the fill tool to colour in each horizontal bar in the badge according to your completed Implementation Level.
Yes, this process is fiddly and annoying, as you will need to individually fill in the centre white space of all the letters. We apologise profusely for this inconvenience. In the future, we aim to provide a tool which will enable OpenCASE users to automatically generate their badges. In the mean time, some ready made badges are included in the images directory which depict the fully completed implementation levels.
Implementation Level Colour Codes
Implementation levels are represented visually using a traffic light style colour grading for so as to be easy to understand even if the viewer is not familiar with OpenCASE.
The colour codes for each Implementation Level are as follows:
| ILv. | Colour | Hex code |
|---|---|---|
| 0 | Red | #EE4466 |
| 1 | Yellow | #FFDD66 |
| 2 | Green | #22DD88 |
| 3 | Blue | #2288FF |