Vendor Data Source: ISO 27001 A.15.1 · EASA IS.I.OR.230
Upload Vendor CSV
Required columns: Vendor, Category, Tier, Risk_Level, SPOF_Flag, Country, Technology_Domain
Domain Risk Weights: 5, 4, 4, 5, 3, 4, 4
SPOF PENALTY MULTIPLIER: 1.5
Intelligence Sources (30 sources)
AVIATION & ATM
✅ EUROCONTROL EATM-CERT — ATM threat intelligence
✅ ICAO CYSECP / Doc 10213 — Global Cyber Risk
✅ IATA 3CTX — Aviation Cyber Threat eXchange
✅ EASA Cybersecurity Threat Landscape Project
✅ FAA Cybersecurity Division / CIRSIA Reporting
GOVERNMENT & CRITICAL INFRA
✅ CISA KEV + ICS-CERT OT Advisories
✅ NCSC (UK) Aerospace Threat Reports
✅ ANSSI (France) Aerospace TI
✅ BSI (Germany) Industrial Cyber Reports
✅ CISA/FBI Joint Cybersecurity Advisories
✅ CMMC / DoD DIBNET Incident Reports
THREAT ACTOR & DARK WEB
✅ Recorded Future Third-Party Risk Module
✅ DarkOwl — Tor/I2P/ZeroNet darknet monitoring
✅ Flare.io — Ransomware leak site monitoring
✅ MITRE ATT&CK for ICS (T0800-series)
✅ Mandiant / Google TI — APT aerospace campaigns
✅ NVD / CVE Database
SUPPLY CHAIN & SOFTWARE
✅ CISA SBOM / VEX Ecosystem
✅ Sonatype — Software Supply Chain Report
✅ Endor Labs — OSS Reachability Intelligence
✅ Common Criteria / NIAP Product Evaluations
FINANCIAL & GEOPOLITICAL
✅ S&P Global / Moody's Credit Watch Feeds
✅ OFAC SDN Real-Time Sanctions Feed
✅ SEC EDGAR Financial Disclosures
✅ Oxford Analytica Geopolitical Risk Index
✅ ITAR/EAR Country Control Lists
CERTIFICATION & COMPLIANCE
✅ ENISA ETL — EU Threat Landscape Reports
✅ BSI IT-Grundschutz Threat Catalogue
✅ ICAO Annex 17 · DO-326A / ED-202A
✅ EUROCAE ED-203A — ATM Security Standards
AI-ERA & EMERGING
✅ Anthropic / OpenAI Threat Intelligence Reports
✅ Kindo AI Engine (claude-sonnet-4) — 2-pass scoring
✅ Pass 2: vendor-specific AI remediation per gap
FULL SCORE TRACEABILITY · EVERY DECISION DOCUMENTED
Compliance Mapping
ISO 27001:2022
→ A.15 Supplier Relationships
→ A.5.19–5.22 Supply Chain
→ A.8.30 Outsourced Activities
EASA Part-IS
→ IS.I.OR.230 Third-Party Management
→ IS.I.OR.200 Risk Assessment
→ IS.I.OR.240 SPOF Monitoring
INTELLIGENCE FRAMEWORK
→ EUROCONTROL EATM-CERT
→ ENISA ETL · NCSC · ANSSI · BSI
→ MITRE ATT&CK ICS · Mandiant APT
Run Assessment First
Dashboard populates after AI assessment completes.
No Data Loaded
Load dataset or run assessment to populate register.
Run Assessment First
SPOF analysis requires AI assessment for operational impact narratives.
Vendor Tier Hierarchy & Organizational Relationships
ISO A.5.21 · EASA IS.I.OR.230 · Click vendor → Score Traceability + Remediation in-panel
Load Dataset to View Tier Hierarchy
Shows Tier 1 → Tier 2 → Tier 3 relationships from dataset immediately.
Enriched with AI risk scores and full traceability after assessment runs.
Supply Chain Relationship Map: D3.js Hierarchical Topology
Load Dataset to View Map
Geopolitical Risk Heat Map: ITAR · EAR · OFAC · Five Eyes
Load Dataset to View Geo Map
Load Dataset First
Vendor Incident & Breach Timeline: CISA KEV · ICS-CERT · NVD/CVE · EATM-CERT · Recorded Future · DarkOwl · Flare.io · Mandiant
Run Assessment to Populate
Report Configuration: ISO 27001 A.15 · EASA IS.I.OR.230
Report Metadata
Sections
Preview
Load dataset to preview…
Threat Intelligence Source Registry
30 sources · 7 domain categories · Applied to all vendor assessments
Sources active in Pass 1 scoring + Pass 2 remediation