What the Forest Map shows

The Forest Map is the view that connects your security stack to the work that stack is supposed to do. Tools sit on one side, capabilities sit on the other, and the lines between them tell you where you are covered and where you are exposed.

Capabilities are the source of truth in Forest. A capability is a discrete security function or process, such as Patch Management or Identity Provisioning. The Map shows which of your tools support each capability, which capabilities have no tool behind them, and where several tools claim the same function.

That picture answers three questions security leaders ask constantly:

• Which capabilities are covered, and by what

• Where you have gaps, meaning a capability with no supporting tool

• Where you have overlap, meaning more than one tool doing the same job

A gap on the Map is different from a low maturity score. The Map tells you whether a capability has tooling behind it. Your CAMP assessment tells you how well that capability is actually performed.

The Map does not score your program on its own. It gives the context behind the numbers. When you see a domain scoring poorly in CAMP, the Map often explains why: no tool, the wrong tool, or three tools fighting over the same ground.

To build this view, you add your tools and confirm how they map to capabilities. Start with Adding tools, then review Tool-to-capability mappings.