overview/ retail/ retail__hybrid-saas-and-vpc__engineer-pushes-config

Retail Hybrid SaaS + VPC Engineer pushes config to an operational asset

Single ResolvedScenario, seven views, every honesty marker the resolver emits. Vendor overlay and reader-tier toggles live in the toolbar. 678 in-scope provisions across 5 frameworks.

Trust Flow rail

Topology map

Stack diagram

Coverage heatmap

Maturity overlay (current → Advanced)

Threat overlay (m2m-token-replay)

Vendor substitution: Cloudflare One vs. Zscaler ZTE

Trust Flow rail

Satisfaction distribution

satisfied157 · 23.2%

partial446 · 65.8%

gap75 · 11.1%

pendingEvidence (discretion-capped)237

total in scope678

Frameworks in scope (5)

pci-dss-v4-0-11471524739

cisa-ztmm-v201564108

nist-csf-2-00852157

cisa-cpgs-v2031320

nist-sp-800-2071022013

Diagnostics (17)

gap (11)warn (6)info (0)

missing-component

Stage 2 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 3 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 4 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 5 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 5 requires Component PAP, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 7 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 8 requires Component PAP, but no topology zone hosts one and no Equipment in scope fills it.

maturity-shortfall

Equipment siem-soar expects AutomationAndOrchestration maturity ≥ Initial, resolved profile is Traditional.

discretion-cap · cisa-cpgs-v2

Framework cisa-cpgs-v2: 20 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · cisa-ztmm-v2

Framework cisa-ztmm-v2: 108 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-csf-2-0

Framework nist-csf-2-0: 57 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-sp-800-207

Framework nist-sp-800-207: 13 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · pci-dss-v4-0-1

Framework pci-dss-v4-0-1: 39 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

control-uncovered · cisa-cpgs-v2

Framework cisa-cpgs-v2: 3 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · cisa-ztmm-v2

Framework cisa-ztmm-v2: 4 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · nist-csf-2-0

Framework nist-csf-2-0: 21 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · pci-dss-v4-0-1

Framework pci-dss-v4-0-1: 47 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

Resolved MaturityProfile

IdentityInitial

DevicesInitial

NetworksInitial

ApplicationsAndWorkloadsInitial

DataInitial

VisibilityAndAnalyticsInitial

AutomationAndOrchestrationTraditional

GovernanceInitial

Static fallback (JavaScript disabled)

All seven views render as static SVGs below. The interactive toolbar (vendor overlay, reader tier) and the right-side honesty panels require JavaScript.