The

Compliance Assessment

widget monitors whether the account has data for the

Ostrich NIST CSF 2.0

Assessment stored in the delivery.ccmm.crma.scores index. Ostrich is a third‑party assessment tool used by Kyndryl that allows clients or account teams to complete cybersecurity framework assessments (surveys). These assessments are optional for clients; therefore, some accounts will not have assessment data available for CCMM to retrieve.

The NIST CSF 2.0 Catalogue section reflects the structure of the NIST Cybersecurity Framework, which includes:

CCMM supports several sub‑categories (controls) that measure indicators for the supported assessment. Each supported indicator is represented as a widget that retrieves data directly from AIOps Elasticsearch. For every widget shown in the Evidence Quality dashboard, the system displays: The last time data was refreshed, and A status based on the latest refresh.

The table below lists the widget (indicator) and the corresponding AIOps index:

Category	Application Source	Widget (by name)	AIOPS Index
Identity & Access Management	UAT	Pending Local UID Removals	delivery.uat.ticket-*
		UID Actions by Type & Outcome	delivery.uat.ticket-*
		Shared UIDs in Vault	delivery.uat.shid-not-vaulted-*
		Shared UIDs in Vault	delivery.uat.shid-not-vaulted-*
Inventory Management	Enterprise Compliance Management (ECM)	Overall Compliance Posture (KPI)	delivery.ecm.healthcheck
Inventory Management	Inventory Services	Compliance Depth View (KCI)	delivery.ecm.healthcheck
		Non-Compliant Asset Count	delivery.ecm.healthcheck
		Newly Detected Non-Compliance	delivery.ecm.healthcheck
		Top 10 Policy Failures	delivery.ecm.violations-current
		Compliance Scan Coverage	delivery.ecm.healthcheck
		Compliance by Platform Category	delivery.ecm.healthcheck
		Unsupported Assets Overview	delivery.inventory.common-data
		Device Lifecycle Breakdown	delivery.inventory.common-data
Service Management (Patch)	Patch Management - ApexaIQ	SLA Breach - Critical Vulns	delivery.vulnerability.detail.metrics
		Critical Vulns Patched Within SLA (KPI)	delivery.vulnerability.detail.metrics
		Patch Backlog (Pending Systems)	delivery.vulnerability.detail.metrics
		Average Time to Patch (KPI)	delivery.vulnerability.detail.metrics
		Vulnerabilities Patched by Severity	delivery.vulnerability.detail.metrics
		Patch Success Rate Over Time	delivery.vulnerability.detail.metrics
		Pending Patch Volume by Platform (Drilldown)	delivery.vulnerability.detail.metrics
		Vulnerabilities Patched by Time-to-Remediate Range	delivery.vulnerability.detail.metrics
		Patch Backlog by Severity	delivery.vulnerability.detail.metrics
		Remediation Progress Trend	delivery.vulnerability.detail.metrics
Security and Vulnerability Management	Vulnerability Management - ApexaIQ	Avg. Vulnerabilities Per Scan	delivery.vulnerability.detail.metrics
		Known Exploited Vulnerabilities	delivery.vulnerability.detail.metrics
		Last Scan Date	delivery.vulnerability.detail.metrics
		Oldest Unremediated Critical Vulnerability	delivery.vulnerability.detail.metrics
		Active Vulnerabilities by Severity	delivery.vulnerability.detail.metrics
		Vulnerability Discovery Over Time	delivery.vulnerability.detail.metrics
		Recent Scans & KEV Detection	delivery.vulnerability.detail.metrics
		Scanned Vulnerability Severity Trend	delivery.vulnerability.detail.metrics
		Scan Coverage Adherence	delivery.vulnerability.detail.metrics
		Engine Signature Freshness	delivery.vulnerability.detail.metrics
Service Management (Change)	Service Now	Change Management (Deployed)	cdi_changerequests_processed
		Change Management (Emergency)	cdi_changerequests_processed
		Open Changes: Age Range vs Priority	cdi_changerequests_processed
		Open Changes: Category vs Priority	cdi_changerequests_processed