This is an IBM Automation portal for Cloud Management, Technology Cost Management, Network Automation and AIOps products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
Hi Retwick,
Thanks for submitting your idea to onboard a CyberStrong connector with potential backward compatibility for the newly provided API spec. CyberStrong offers robust integration capabilities for cyber risk quantification, control automation, and compliance management, and we’d love to explore how this connector could enhance IBM Concert’s value for users.
To help us scope and prioritize this request, could you please provide more detail in the following areas?
1. Title
What would be a clear, outcome-oriented name for this capability?
(Example: “CyberStrong Connector for Risk and Compliance Integration”)
2. Solution Value Statement
How would you describe the value this integration would deliver to users?
(Example: “Enable seamless ingestion of CyberStrong risk and compliance data into IBM Concert to automate posture assessments and unify cyber risk management workflows.”)
3. Problem Description
Who are the intended users of this integration (e.g., CISOs, compliance officers, risk analysts)?
What challenges are they facing today without this connector?
Are there specific use cases (e.g., risk register sync, control scoring, evidence ingestion) that are most important?
4. Proposed Solution
What should the integration do?
Ingest CyberStrong risk register entries?
Sync control assessments or compliance frameworks?
Automate ticket creation in Concert based on CyberStrong findings?
Should it support real-time updates or batch ingestion?
What backward compatibility concerns should we be aware of?
5. Customer Impact / Business Value
How would this integration improve workflows or outcomes for your team or clients?
Would it help with audit readiness, executive reporting, or remediation tracking?
6. Pilot or Validation Context
Have you tested the new CyberStrong API spec or used similar integrations before?
Is this request coming from a specific customer or internal need?
7. Key Functional Requirements (optional)
Are there specific technical or functional needs you’d like us to consider?
(Example: support for FAIR/NIST 800-30 models, mapping to Concert’s resilience or compliance dimensions)
8. Metrics for Success
How would you measure the success of this integration?
(Examples: number of synced controls, reduction in manual effort, improved risk visibility)
Your input will help us shape this into a well-scoped epic for our roadmap. Feel free to reply directly or let us know if you’d prefer to discuss live.
Thanks again for your contribution!
Marking as incorrect Product Tag - should be Rapid Infrastructure Automation