Skip to Content
Control and DirectionStack & CoverageStack & Coverage

Stack & Coverage

Control & Direction

Stack & Coverage gives you complete visibility into your security technology portfolio, the capabilities those tools deliver, and the gaps that remain. Instead of managing scattered spreadsheets and tribal knowledge about what tools you own, Stack & Coverage provides a single authoritative register of every security technology, maps each tool to the capabilities it supports, and assesses how well your portfolio covers your most important risk scenarios.

Stack & Coverage integrates with CISO Goals (goal-linked coverage), Issues (gap-driven issues), Risk Register (risk scenario linkage), Vendor Risk (vendor profile linking), Platform Evaluation (evaluation linking), Control Framework (control mapping), and Artifacts (evidence attachment).

Getting started

Build your technology register

Navigate to Stack & Coverage > Technology Register and add every security tool your organization uses. You can create entries manually, add from the built-in catalog, or bulk-import via CSV. For each technology, record the vendor, status, criticality, annual cost, and renewal date.

Explore the capability library

Open Stack & Coverage > Capability Library to review the built-in set of security capabilities organized by domain. These represent the functions your security program needs to perform, from endpoint detection to data classification. Add custom capabilities if your organization has domain-specific needs.

Tag tools to capabilities

Return to the Technology Register and link each technology to the capabilities it delivers. Assign a strength to each link (Primary, Secondary, or Deprecated) so the platform can calculate coverage accurately and detect overlap.

Define risk coverage

Navigate to Stack & Coverage > Risk Coverage and create risk scenarios that describe the threat situations your portfolio must address. For each scenario, assess coverage strength, document gaps, assign contributing technologies, and link to CISO Goals or Issues for remediation tracking.

Review the portfolio dashboard

Open Stack & Coverage > Portfolio Dashboard to see the consolidated view. The domain heatmap shows capability coverage by security domain, overlap detection highlights redundant tooling, and gap signals surface areas where no technology is assigned. Use the NIST CSF reference overlay to align your view with an industry framework.

What’s included

PagePurpose
Portfolio DashboardDomain heatmap, coverage summary, overlap detection, gap signals, and NIST CSF reference overlay
Technology RegisterCatalog of all security technologies with status, cost, criticality, and vendor linkage
Capability LibraryBuilt-in and custom security capabilities organized by domain, linked to technologies
Risk CoverageRisk scenario assessment with coverage strength, gap narratives, and technology assignment
Last updated on
SettingsPortfolio Dashboard