Include and Exclude Lists for Custom Review Scope

The Include/Exclude List feature lets you tailor the scope of a review by specifying which security objectives, threat scenarios, and countermeasures to include or omit. This ensures that the review focuses only on what’s relevant to your application or compliance needs.

How to Use

This is the final (Step 4) in the Review Creation Process:

1. Navigate to the Review Setup screen.

2. After selecting documents and frameworks, scroll to the "Customize Scope" or "Include/Exclude List" section.

• Include List: Select specific objectives, threat scenarios, or countermeasures you want to evaluate in this review.
  
  
• Exclude List: Remove elements that are not relevant to this particular project or context.

3. Save and continue with your tailored review setup.

Why Use This?

• Reduces review noise by excluding irrelevant items
• Improves scoring accuracy and review depth
• Focuses on project-specific security priorities

Ideal for teams that need granular control over security evaluation and compliance focus.