Capability Library
Control & DirectionThe Capability Library defines the security functions your organization needs to perform and maps those functions to the technologies that deliver them. It provides a structured taxonomy of security capabilities organized by domain, serving as the bridge between your Technology Register and your coverage analysis. The library ships with a built-in set of global capabilities and allows you to create custom capabilities for your specific needs.
The Capability Library integrates with Technology Register (technology-to-capability mapping), Risk Coverage (coverage assessment), and Portfolio Dashboard (domain heatmap and gap signals).
Built-in vs custom capabilities
The library contains two types of capabilities:
-
Built-in capabilities are global records maintained by SecureHive. They cover the standard security functions recognized across the industry and cannot be edited or deleted. Built-in capabilities provide a consistent baseline that ensures your coverage analysis aligns with widely accepted security frameworks.
-
Custom capabilities are tenant-specific records that you create to represent security functions unique to your organization. Custom capabilities live alongside built-in entries and participate fully in coverage analysis, heatmaps, and gap detection.
Both types support the same fields and behave identically in reports and dashboards.
Capability domains
Every capability is assigned to one of ten domains that categorize security functions at a high level:
| Domain | Description |
|---|---|
| Identity | Authentication, authorization, identity governance, and access management |
| Endpoint | Endpoint detection, protection, device management, and hardening |
| Cloud | Cloud security posture, workload protection, and cloud access brokering |
| Network | Network segmentation, firewall management, intrusion detection, and traffic analysis |
| Data | Data classification, loss prevention, encryption, and backup |
| AppSec | Application security testing, code analysis, and secure development lifecycle |
| Detection | Threat detection, SIEM, log aggregation, and anomaly detection |
| Response | Incident response, orchestration, forensics, and recovery |
| Governance | Policy management, compliance tracking, risk management, and audit |
| Other | Capabilities that do not fit neatly into the above domains |
Use the domain filter on the Capability Library page to narrow the view to a specific domain.
Capability hierarchy
Capabilities support a parent-child hierarchy that lets you organize broad functions into more specific sub-capabilities. For example, a parent capability named “Endpoint Protection” might have children such as “Antivirus”, “EDR”, and “Device Encryption”. The hierarchy is reflected in the library view and in the Portfolio Dashboard heatmap, providing both high-level and granular coverage visibility.
Each capability has an optional parent field and a sort order field that controls the display sequence within its parent group.
Creating custom capabilities
Open the Capability Library
Navigate to Stack & Coverage > Capability Library to view all capabilities.
Create a new capability
Click New Capability to open the creation form. Fill in the following fields:
| Field | Description | Required |
|---|---|---|
| Name | A descriptive name for the capability (e.g., “Container Runtime Security”) | Yes |
| Code | A short unique code for referencing the capability | Yes |
| Description | An explanation of what this capability covers | No |
| Domain | The domain this capability belongs to (select from the ten available domains) | Yes |
| Parent | An optional parent capability to create a hierarchical relationship | No |
| Sort Order | A numeric value controlling display order within the parent group | No |
Save the capability
Click Save to add the custom capability to your library. It immediately becomes available for linking to technologies and for inclusion in coverage analysis.
AI-suggested extensions
The Capability Library supports AI-suggested extensions that analyze your current technology register and coverage data to recommend capabilities you may be missing. Suggestions are based on patterns in your portfolio, common industry pairings, and gaps detected in your domain coverage. Review each suggestion and add it to your library if it is relevant to your organization.
Linking capabilities to technologies
The relationship between capabilities and technologies is managed through the Technology Register. From a technology’s detail page, you add capability links and assign a strength to each:
| Strength | Description |
|---|---|
| Primary | This technology is the main tool delivering this capability |
| Secondary | This technology provides supplementary or backup coverage for this capability |
| Deprecated | This technology previously delivered this capability but is being phased out |
Strength assignments drive the Portfolio Dashboard heatmap and overlap detection. A capability covered only by Deprecated technologies will surface as a gap signal.
Permissions
Managing the Capability Library requires the securityPortfolio:manage permission. Users with this permission can create, edit, and delete custom capabilities and manage capability-to-technology links. Users with securityPortfolio:read can view the library and its relationships but cannot make changes. Built-in capabilities cannot be modified regardless of permission level.