Building a Question has two components the first is the data that will be displayed when the assessment is actually taken. The second component is data that will be passed to the Report Findings when the assessment is completed.
Step 1: Input a title specific for the question. If using a framework this may be the name of the control that the question relates to.
Step 2: Input a Description. The Description is whatever you define, be as brief or robust as needed.
Step 3: Add Answer Type. You can select from a variety of answer types such as Pass/Fail or Multiple Choice. Multiple answer types can be selected for Assessments that score off of multiple categories like Process and Practice maturity in CMMC. You can also define custom answer sets.
Step 4: Add Input Fields. Input Fields are completely customizable. Further documentation in the section titled "Input Fields".
NOTE: Every component of the question after Input Fields will NOT be displayed when taking the Assessment. This data will be passed to a Finding in the Report generated upon submission of the assessment. Each Question in the Assessment will become a Finding.
Step 5: Select a Category. If you chose a specific framework when creating your assessment you can chose from a list of categories defined by that framework.
Step 6: WriteupsDB. Linking to the Writeups DB is a legacy feature that is no longer recommended. It is maintained to support legacy assessments.
Step 7: Select Severity. If your question is based off of a Framework Control it may have a predefined severity. This will also be the severity of the Report Finding that this question will become upon submission of the Assessment.
Step 8: Default Score & Default Score Calculation. Selecting a Default Score and Calculation is completely up to your organization. You can use an industry standard like CSSv3 or a custom "in house" calculation. This is entered as a plain text string.
Step 8: Tags. Tags are very powerful inside of PlexTrac and can be used to sort and manage information quickly. Tags work best when your organization has predefined a tagging schema.
Step 9: Recommendations. Enter a recommendation that's relevant to the question.
Example: remediation techniques or policy suggestions.
Step 10: References. Provide relevant references to assist with implementation or to verify your assertions. You can add Hyperlinks to well known vendors or governmental agencies websites and resources.
Step 11: Custom Fields. Input a label and relevant text. Custom Fields can be used for a variety of functions and are determined by your organization. Further documentation in the section titled "Custom Fields".
Step 12: Once you've entered all your data and the Question is configured as desired return to the top of the page and select "Create".
Step 13: To add additional Questions you can click "Add Question" to restart the process, or you can click the "Copy Question" button on a previously created question to duplicate the information
If duplicating a question:
If you choose to duplicate a question, the information from the Source Question will be populated on the right, and the new question won't be created until you click "Create" in the top right, just like when you Add a Question.