Upgrading Third Party Governance

For the Archer Third Party Governance 6.5 release, the Technologies application and the Devices application have been updated to align with the previous 6.4 SP1 release changes. If you are upgrading from Third Party Governance version 6.2 or earlier to version 6.5 or later, be aware of the following changes.

On this page

Technologies Application

The Technologies application was deprecated and replaced by a new application with the same name. If you are upgrading from Third Party Governance 6.2 or earlier, it is strongly recommended that you do one of the following prior to installation:

  • If you do not have data to migrate, delete the old Technologies application.
  • If you do have data in the old Technologies application that you want to migrate, rename the application.

Important: Attempting to map the new Technologies application to the deprecated Technologies application may generate errors.

The old Technologies application was a leveled application, and the new Technologies application contains several hierarchical values lists (Operating System, Hardware, and Application).

The new Technologies application captures data about a specific technology, such as all the devices in the organization that have the technology deployed, approvals around the technology, and scorecards.

  • Devices scorecard: Displays counts of devices related to the technology by risk criticality.
  • Potential Vulnerability Definitions Scorecard: Displays potential vulnerabilities against devices where this technology is installed.
The following table describes fields in the Technologies application that were changed in the 6.4 SP1 release.

Field

Change Made

Devices
  • Added new hierarchical values lists.
  • Added new calculated cross-references to Vulnerabilities.
  • Added new report objects (Matched Technologies, Potential Vulnerabilities).

Patches

Deleted cross-reference to old Technologies application.

Malicious Code

Deleted cross-reference to old Technologies application.

Vulnerabilities
  • Added new hierarchical values lists.
  • Added new calculated cross-references to Devices.
  • Added new report object (Potentially Impacted Devices).
  • Deleted Assessments & Scan Results tab.
    • Moved Technical Control Manual Assessment to Compliance Management tab.

    • Moved Configuration Scan Results to Compliance Management tab.

Threat Intelligence
  • Added new hierarchical values lists.
  • Added new calculated cross-references to Devices.
  • Added MRDC field.

For a list of exact changes between the old Technologies application and the new Technologies application, compare the Data Dictionary for the Third Party Governance 6.2 use case and the Data Dictionary for the Enterprise Catalog package.

Devices Application

Several fields have changed in their format and some have been renamed.

Using Bulk Update, migrate the data in the following table from your existing fields to the updated fields in the Devices application. For detailed instructions on Bulk Update, see Performing On-Demand Bulk Actions.

The following table describes changes from old fields to new fields in the Devices application.

Old Field

New Field

Change Made

Source

Source

Source changed from a Text field to a Values List field.

Availability

Availability Requirement

Availability changed to Availability Requirement.

Integrity

Integrity Requirement

Integrity changed to Integrity Requirement.

Confidentiality

Confidentiality Requirement

Confidentiality changed to Confidentiality Requirement.

IAC Risk Score

CIA Risk Score

IAC Risk Score changed from a Text field to a Numeric field and renamed to CIA Risk Score.