Security posture
One page for leadership: where the program stands today.
Risk heatmap — likelihood × impact
Impact →
Likelihood →
Maturity by CSF 2.0 function
Top open risks
Due & overdue actions
Risk register
Inherent scoring on a 5×5 matrix. Click a heatmap cell to filter.
Heatmap
Impact →
Likelihood →
By treatment
Asset inventory
You can't protect what you haven't written down. Criticality drives risk context.
Controls assessment — NIST CSF 2.0
Score each of the 22 categories 0–5. The overall posture score on the dashboard is derived live from this assessment.
Scale — 0 Not performed · 1 Ad-hoc · 2 Repeatable · 3 Defined · 4 Managed & measured · 5 Optimized.
Incident log
A lightweight register for tracking security incidents through containment to lessons learned.
Vendor register
Third parties with access to your systems or data, tiered by risk, with review dates.
Action plan
The living POA&M: remediation actions from risks, audits and incidents, with owners and due dates.
Policy generator
Eight starter policies, auto-filled with your organization details from Data & settings. Download as Markdown or print to PDF, then adapt to your context.
Executive report
Board-ready summary generated from live data. Print to PDF and circulate.
Data & settings
Diwan stores everything in this browser only (localStorage). Export a JSON backup regularly — it's also how you move between machines or share with a colleague.
Organization
Backup & restore
Everything — risks, assets, controls, incidents, vendors, actions, settings — in one portable file.