Dashboard Guide
A comprehensive walkthrough of all dashboard features, from the main compliance view to team management, risk scoring, GRC status, and policy generation.
Main Dashboard
The main dashboard provides at-a-glance compliance visibility with key performance indicators, trend analysis, and recent activity. It is the default landing page after sign-in and can be accessed at any time from the sidebar.
Key Performance Indicators
Located at the top of the dashboard, KPI cards display real-time compliance metrics:
- Overall Compliance Score: Percentage of controls in "Passed" status across all scans, weighted by severity
- Total Controls: Count of all unique controls evaluated across all frameworks
- Passed / Failed: Controls meeting or not meeting compliance requirements
- Manual Review: Controls requiring manual verification by a human auditor
- Not Applicable: Controls not relevant to your environment (excluded from scoring)
- Overrides: Controls with active risk acceptance records
Click any KPI card to filter the controls view to show only controls in that status. For example, clicking "Failed" will navigate to the controls page filtered to only failing controls.
Compliance Bar
The compliance bar is a horizontal stacked bar chart beneath the KPIs showing the proportion of each status category. It provides a quick visual indicator of overall health:
- Green: Passed controls
- Red: Failed controls
- Yellow: Manual review required
- Gray: Not applicable or skipped
- Blue: Overridden controls (risk accepted)
Historical Trend Chart
The trend chart plots compliance data from scan history combined with current resolved totals:
- Each data point represents a scan, plotted chronologically along the X-axis
- The latest data point includes resolved totals, accounting for overrides and current scan results
- Historical points show raw Pass/Fail/Manual/N/A counts as they were at scan time
- Hover over any data point to see exact counts and date
- Click a scan point to drill into that specific scan's detailed results
- Multiple scan types (Cloud, Endpoint) are plotted on the same timeline
The trend chart uses historical scan data for past points and current resolved totals for the latest point. This means the most recent point reflects overrides and manual adjustments, while historical points show the raw scan results at the time they were recorded.
Priority Distribution Chart
The priority distribution chart breaks down findings by severity level, helping you prioritize remediation efforts:
| Priority | Description | SLA Default |
|---|---|---|
| Critical | Require immediate attention; active exploitation risk | 24 hours |
| High | Should be addressed in the near term | 7 days |
| Medium | Plan for remediation in the current cycle | 30 days |
| Low | Longer-term improvement targets | 90 days |
Primary Application Highlighting
Applications marked as "Primary" in Compliance Zones settings receive special dashboard treatment:
- Sorted to the top of the application compliance list with a star badge
- Displayed with an accent-colored left border for visibility
- Prioritized in reports and executive summaries
- Shown first in the compliance bar breakdown
Set the primary flag in Settings > Compliance Zones by checking the "Primary Application" checkbox on any zone.
Risk Analysis
Risk Score KPIs
The dashboard includes weighted risk scoring to prioritize remediation efforts:
- Total Risk Score: Aggregate weighted risk across all failing controls
- Critical Risks: Count of failing controls with risk score above the critical threshold
- Average Risk: Mean risk score across all evaluated controls
- Risk Trend: Arrow indicator showing risk direction compared to previous scan
SLA Summary
SLA monitoring tracks remediation timelines for failing controls:
| SLA Status | Description |
|---|---|
| Within SLA (green) | Remediation on track within the defined deadline |
| Warning (yellow) | Approaching SLA deadline, typically within 48 hours |
| Breach (red) | Exceeded remediation deadline, escalation triggered |
Default SLA deadlines by severity: Critical = 24 hours, High = 7 days, Medium = 30 days, Low = 90 days.
SLA deadlines can be configured per organization in Organization Settings. Override individual control SLAs when business context requires different timelines.
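The SLA states above can be reproduced offline from an export of failing controls. This is an added example, not TATER's own code; the control IDs, timestamps, the `sla_status` helper, the choice to start the clock at the first failing scan, and the capping of the warning window for short SLAs are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Default SLA windows by severity, as listed on this page.
DEFAULT_SLA = {
    "Critical": timedelta(hours=24),
    "High": timedelta(days=7),
    "Medium": timedelta(days=30),
    "Low": timedelta(days=90),
}
# The page describes Warning as "typically within 48 hours" of the deadline.
WARNING_WINDOW = timedelta(hours=48)


def sla_status(severity, failed_at, now, override=None, warning=WARNING_WINDOW):
    """Return (status, deadline) for one failing control.

    override: optional per-control timedelta replacing the severity default.
    Assumption: the SLA clock starts when the control was first seen failing.
    """
    window = override if override is not None else DEFAULT_SLA[severity]
    deadline = failed_at + window
    if now > deadline:
        return "Breach", deadline
    # Edge case: a 24-hour Critical SLA is shorter than a 48-hour warning
    # window, so the control would be in Warning from the first minute.
    # Assumption: cap the warning window at half the SLA window.
    effective_warning = min(warning, window / 2)
    if deadline - now <= effective_warning:
        return "Warning", deadline
    return "Within SLA", deadline


# Constructed sample data: (control ID, severity, first failed, SLA override)
NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)
FINDINGS = [
    ("CTRL-001", "Critical", NOW - timedelta(hours=6), None),
    ("CTRL-002", "Critical", NOW - timedelta(hours=20), None),
    ("CTRL-003", "High", NOW - timedelta(days=8), None),
    ("CTRL-004", "High", NOW - timedelta(days=8), timedelta(days=14)),
    ("CTRL-005", "Medium", NOW - timedelta(days=29), None),
]


def summarize(findings, now):
    """Map each control ID to its SLA status string."""
    return {cid: sla_status(sev, t, now, ov)[0] for cid, sev, t, ov in findings}


if __name__ == "__main__":
    for cid, status in summarize(FINDINGS, NOW).items():
        print(cid, status)
```

CTRL-003 and CTRL-004 failed at the same time with the same severity; only the per-control override keeps CTRL-004 out of Breach.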
MITRE ATT&CK Coverage
The dashboard displays MITRE ATT&CK coverage showing which adversary techniques your controls defend against:
- Technique badges: Controls mapped to MITRE techniques display tactic and technique IDs (e.g., T1078 Valid Accounts, T1110 Brute Force)
- Coverage percentage: Percentage of mapped techniques with at least one passing control
- Gap identification: Techniques with no passing controls are highlighted in red, indicating defensive gaps
- Tactic groups: Techniques are grouped by MITRE tactic (Initial Access, Persistence, Privilege Escalation, etc.)
Compliance Drift Alerts
Drift alerts notify you when controls change status between scan cycles. When a previously passing control regresses to Fail, a drift alert is generated.
Drift Alert Banner
When drift is detected, a banner appears at the top of the dashboard showing:
- Drift count: Number of controls that changed from Pass to Fail since last scan
- Affected frameworks: Which frameworks are impacted by the regression
- Quick action: Click the banner to jump to the list of drifted controls for immediate review
Drift alerts indicate that previously passing controls are now failing. This may be caused by configuration changes, policy updates, or environmental changes. Investigate drift alerts promptly to prevent compliance gaps from widening.
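The drift banner fields and the MITRE ATT&CK coverage figure described above can both be recomputed from two scan snapshots. This is an added example, not TATER's own code; the snapshot layout, control IDs and function names are assumptions, and only a "Pass" status is counted as passing because the page does not say how overridden controls are treated.

```python
def ctl(status, frameworks, techniques):
    """Build one control record (hypothetical export layout)."""
    return {"status": status, "frameworks": frameworks, "techniques": techniques}


# Constructed snapshots: control ID -> record, for two consecutive scans.
PREVIOUS = {
    "CTRL-101": ctl("Pass", ["CIS", "SOC 2"], ["T1078"]),
    "CTRL-102": ctl("Pass", ["NIST"], ["T1110"]),
    "CTRL-103": ctl("Fail", ["CIS"], ["T1110"]),
    "CTRL-104": ctl("Manual", ["ISO 27001"], ["T1566"]),
}
CURRENT = {
    "CTRL-101": ctl("Fail", ["CIS", "SOC 2"], ["T1078"]),   # Pass -> Fail
    "CTRL-102": ctl("Pass", ["NIST"], ["T1110"]),
    "CTRL-103": ctl("Fail", ["CIS"], ["T1110"]),            # was already failing
    "CTRL-104": ctl("Fail", ["ISO 27001"], ["T1566"]),      # Manual -> Fail
    "CTRL-105": ctl("Fail", ["PCI-DSS"], ["T1078"]),        # new in this scan
}


def detect_drift(previous, current):
    """Drift = controls that were Pass in the previous scan and are Fail now.

    New controls and Manual -> Fail transitions are not drift under the
    page's definition, so they are excluded.
    """
    drifted = sorted(
        cid for cid, rec in current.items()
        if rec["status"] == "Fail"
        and previous.get(cid, {}).get("status") == "Pass"
    )
    frameworks = sorted({fw for cid in drifted for fw in current[cid]["frameworks"]})
    return {"count": len(drifted), "controls": drifted, "frameworks": frameworks}


def attack_coverage(scan):
    """Coverage = share of mapped techniques with at least one passing control."""
    covered = {}
    for rec in scan.values():
        for tech in rec["techniques"]:
            covered[tech] = covered.get(tech, False) or rec["status"] == "Pass"
    gaps = sorted(t for t, ok in covered.items() if not ok)
    pct = 100.0 * (len(covered) - len(gaps)) / len(covered) if covered else 0.0
    return {"coverage_pct": round(pct, 1), "gaps": gaps}


if __name__ == "__main__":
    print(detect_drift(PREVIOUS, CURRENT))
    print(attack_coverage(PREVIOUS), attack_coverage(CURRENT))
```

In the constructed data a single drifted control (CTRL-101) turns T1078 into a coverage gap, because the only other control mapped to it is also failing.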
GRC Status Widget
The GRC status widget provides a consolidated view of all Governance, Risk, and Compliance modules in a single dashboard panel:
- Open Risks: Count of unresolved risks in the Risk Register with severity breakdown
- Pending Exceptions: Exception/waiver requests awaiting approval
- Upcoming Audits: Next scheduled audit engagements and their dates
- Training Compliance: Percentage of staff who have completed required training
- Control Test Results: Recent test pass/fail rates
- BCP/DR Status: Days since last BCP/DR test exercise
Click any item in the GRC status widget to navigate directly to the relevant module for detailed management.
Tasks Widget
The tasks widget on the dashboard shows your assigned tasks and upcoming deadlines:
- My Tasks: Tasks assigned to you across all modules (controls, audits, remediations)
- Overdue: Tasks that have passed their due date, highlighted in red
- Due Soon: Tasks due within the next 7 days
- Quick Actions: Mark tasks as complete or snooze directly from the widget
Feedback Widget
The feedback widget provides access to the UserVoice-style feedback system directly from the dashboard:
- Submit Ideas: Propose new features or improvements
- Vote: Upvote or downvote existing suggestions from other users
- Status Tracking: See which ideas are Under Review, Planned, or Completed
- Comment: Add context or use cases to existing feedback items
Controls Page
The Controls page displays all compliance controls with advanced filtering, sorting, grouping, and detail expansion.
Filtering & Sorting
- Status filter: Show Passed, Failed, Manual, or Not Applicable
- Framework filter: Filter by CIS, NIST, ISO 27001, SOC 2, PCI-DSS, HIPAA, etc.
- Severity filter: Critical, High, Medium, Low
- Text search: Search by control ID, title, or description
- Framework Category: Toggle between "All / Compliance / Vulnerability" views
- Domain filter: Filter by control domain (Identity, Data Protection, Network Security, etc.)
Control Detail Expansion
Click any control row to expand its detail panel showing:
- Full description and CIS remediation guidance
- Status details explaining why the control passed or failed
- Scan history showing status trend across previous scans
- Framework mappings and cross-references to NIST, ISO, SOC 2, etc.
- Assigned owner and current override status
- MITRE ATT&CK technique badges
- Risk score and SLA deadline with countdown
- Remediate button (if automated remediation is available for the control)
- Comments thread for team discussion
Overrides Page
Create formal risk acceptance records for failing controls with time-bound exemptions and business justification.
Creating an Override
- Create a new override: Click "New Override" and select the control to override from the dropdown or search by control ID.
- Choose override type: Select "Risk Acceptance" (permanent until revoked) or "Temporary Exemption" (requires an expiration date).
- Document justification: Enter the business justification explaining why the risk is accepted and assign an owner responsible for monitoring the exception.
- Save and track: The override is tracked in the register with automatic expiration warnings 14 days before the due date. Overridden controls show "Override" status instead of "Fail" on the dashboard and reports.
People & Assignments
Manage team members and assign controls for accountability:
- Add person: Register team members by name and email, or search Entra ID directory
- Assign controls: Allocate failing controls to team members for remediation ownership
- Bulk assign: Use the bulk assignment feature to assign multiple controls at once
- Entra ID search: Search your organization's Entra ID directory to find and add users
- Workload view: See how many controls each person owns and their completion rate
- Due dates: Set remediation deadlines per assignment with SLA tracking
Policy Template Library
Generate security policy documents from pre-built templates with variable substitution.
Available Templates
TATER includes 11 pre-built policy templates covering common compliance requirements:
- Information Security Policy
- Acceptable Use Policy
- Incident Response Plan
- Access Control Policy
- Data Classification & Protection
- Business Continuity Plan
- Change Management Policy
- Vendor Management Policy
- Remote Work Security Policy
- Data Retention Policy
- Vulnerability Management Policy
Generating a Policy
- Navigate to the Policies page from the sidebar
- Click From Template to open the template browser
- Browse or search templates by category, difficulty, or framework mapping
- Select a template and fill in the variable form (organization name, CISO, dates, etc.)
- Preview the generated Markdown document in the preview panel
- Save as a draft or export to PDF with organization branding (cover page, table of contents, back page)
Common values like organization name and CISO are cached across templates, so you only need to enter them once. The cache persists for the duration of your session.
Trust Center
The Trust Center is a public-facing compliance posture dashboard showing framework compliance percentages, certifications, and security practices. Share it with customers and partners to demonstrate your security commitment.
- Framework scores: Compliance percentage for each active framework
- Certifications: Display earned certifications and audit dates
- Security practices: Summary of implemented security controls and practices
- Embeddable widget: Generate a compliance widget to embed on your website
Navigation Tips
- Use the left sidebar to move between pages; sections collapse for easier navigation
- Breadcrumbs at the top show your current location in the app
- Dark/light mode toggle in the header adapts to your preferred viewing mode
- Responsive layout adapts to tablet and mobile viewports
- Use the organization switcher in the header to manage multiple organizations
- Keyboard shortcut Ctrl+K opens the global search across all pages