overview/ healthcare/ healthcare__campus-enterprise__remote-user-saas

Healthcare Campus enterprise Remote user opens a SaaS application

Single ResolvedScenario, seven views, every honesty marker the resolver emits. Vendor overlay and reader-tier toggles live in the toolbar. 1603 in-scope provisions across 6 frameworks.

Trust Flow rail

Topology map

Stack diagram

Coverage heatmap

Maturity overlay (current → Advanced)

Threat overlay (m2m-token-replay)

Vendor substitution: Cloudflare One vs. Zscaler ZTE

Trust Flow rail

Satisfaction distribution

satisfied113 · 7.0%

partial1212 · 75.6%

gap278 · 17.3%

pendingEvidence (discretion-capped)913

total in scope1603

Frameworks in scope (6)

nist-sp-800-53-r593881222707

cisa-ztmm-v201564108

nist-csf-2-00852157

hipaa-security-rule1037288

cisa-cpgs-v2031320

nist-sp-800-2071022013

Diagnostics (16)

gap (5)warn (11)info (0)

maturity-shortfall

Equipment edr-xdr expects ApplicationsAndWorkloads maturity ≥ Initial, resolved profile is Traditional.

maturity-shortfall

Equipment mdm-uem expects ApplicationsAndWorkloads maturity ≥ Initial, resolved profile is Traditional.

maturity-shortfall

Equipment ztna-gateway expects ApplicationsAndWorkloads maturity ≥ Initial, resolved profile is Traditional.

maturity-shortfall

Equipment dlp expects ApplicationsAndWorkloads maturity ≥ Initial, resolved profile is Traditional.

maturity-shortfall

Equipment siem-soar expects AutomationAndOrchestration maturity ≥ Initial, resolved profile is Traditional.

discretion-cap · cisa-cpgs-v2

Framework cisa-cpgs-v2: 20 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · cisa-ztmm-v2

Framework cisa-ztmm-v2: 108 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · hipaa-security-rule

Framework hipaa-security-rule: 8 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-csf-2-0

Framework nist-csf-2-0: 57 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-sp-800-207

Framework nist-sp-800-207: 13 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-sp-800-53-r5

Framework nist-sp-800-53-r5: 707 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

control-uncovered · cisa-cpgs-v2

Framework cisa-cpgs-v2: 3 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · cisa-ztmm-v2

Framework cisa-ztmm-v2: 4 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · hipaa-security-rule

Framework hipaa-security-rule: 28 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · nist-csf-2-0

Framework nist-csf-2-0: 21 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · nist-sp-800-53-r5

Framework nist-sp-800-53-r5: 222 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

Resolved MaturityProfile

IdentityInitial

DevicesInitial

NetworksInitial

ApplicationsAndWorkloadsTraditional

DataInitial

VisibilityAndAnalyticsInitial

AutomationAndOrchestrationTraditional

GovernanceInitial

Static fallback (JavaScript disabled)

All seven views render as static SVGs below. The interactive toolbar (vendor overlay, reader tier) and the right-side honesty panels require JavaScript.