Hi, I am looking for some collective wisdom to build a security SLA report/dashboard.
We already have a CVSS score field in our JIRA data ranging from 0-10.
The first step would be to create a criticality field as follows:
If CVSS >= 9.0 -> Critical
If CVSS between 7.0 - 8.9 -> High
If CVSS between 4.0 - 6.9 -> Medium
If CVSS between 0.1 - 3.9 -> Low
If CVSS = 0 -> None
The next step would then be to compare the criticality field against our SLA:
Critical = 14 days
High = 30 days
Medium = 60 days
Low = 90 days
Not sure the best way to do this.
Finally, create a report that shows some sort of traffic light status (meet (green), fail (red)) for all non-released SLA items.
I would think this has been done before, but my search didn't bear any fruit.
Any ideas?
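The mapping and SLA check described in the question above, as an added example that is not part of the original thread and does not use any Jira API. It assumes issues have been exported as records with hypothetical fields `key`, `cvss`, `created` and `released`, that SLA days are calendar days counted from creation, and that an item due today still counts as met.

```python
from datetime import date, timedelta

# Thresholds and SLA windows are the ones given in the question above.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]
SLA_DAYS = {"Critical": 14, "High": 30, "Medium": 60, "Low": 90}

def criticality(cvss):
    """Map a CVSS score (0.0-10.0) to the criticality band."""
    if cvss is None or not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score missing or out of range: {cvss!r}")
    score = round(cvss, 1)  # CVSS scores carry one decimal place
    for floor, name in BANDS:
        if score >= floor:
            return name
    return "None"

def sla_status(issue, today):
    """Return (criticality, due_date, status) for one issue."""
    level = criticality(issue["cvss"])
    days = SLA_DAYS.get(level)
    if days is None:  # CVSS 0: the question defines no SLA for "None"
        return level, None, "n/a"
    due = issue["created"] + timedelta(days=days)  # assumption: calendar days
    return level, due, "green" if today <= due else "red"

def report(issues, today):
    """Traffic-light rows for every issue that has not been released."""
    rows = []
    for issue in issues:
        if issue["released"]:
            continue
        level, due, status = sla_status(issue, today)
        rows.append((issue["key"], level, due, status))
    # Breaches first, then nearest due date.
    order = {"red": 0, "green": 1, "n/a": 2}
    return sorted(rows, key=lambda r: (order[r[3]], r[2] or date.max))

# Constructed sample data; keys and field names are hypothetical.
SAMPLE = [
    {"key": "SEC-1", "cvss": 9.8, "created": date(2024, 1, 1), "released": False},
    {"key": "SEC-2", "cvss": 7.5, "created": date(2024, 1, 10), "released": False},
    {"key": "SEC-3", "cvss": 5.0, "created": date(2023, 11, 1), "released": False},
    {"key": "SEC-4", "cvss": 0.0, "created": date(2024, 1, 20), "released": False},
    {"key": "SEC-5", "cvss": 3.9, "created": date(2023, 12, 1), "released": True},
    {"key": "SEC-6", "cvss": 8.9, "created": date(2024, 1, 2), "released": False},
]

if __name__ == "__main__":
    for key, level, due, status in report(SAMPLE, date(2024, 2, 1)):
        print(f"{key:6} {level:8} due={due} {status}")
```

A record with a missing or out-of-range score raises an error instead of silently landing in a band, so bad data does not show up as green.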
@Derek Hill You would just build the SLA so it is based on the CVSS field. So if the CVSS field is >= 9.0 the SLA would be 14 days. You can have a single SLA that evaluates this field and applies the SLA time based on the CVSS value. There are built-in SLA reports that you can then use to see breached vs met, and you could make a custom report to show all breached vs met based on the release.
I ended up using the Time for SLA plugin. After some trial and error I have it working the way I want it to. It is not perfect, but good enough for my particular needs. Thanks everyone.
Thank you both. I will try your suggestions and report back.
@Derek Hill Here are a few documents that will help you out, detailing @Brant Schroeder's recommendations:
Setting up SLAs:
setting-up-slas-939926373.html
Reporting on SLAs:
https://confluence.atlassian.com/servicemanagementserver/reporting-on-slas-939926403.html
cheers -dewitt
We are running JIRA server. I am not seeing anything related to SLAs; is that feature there or only present in Cloud?
It looks like what you suggested is a different product which we don't have. I am trying to figure out how to make this work with Jira Software (Core).
Does this require a 3rd party plugin?