Attack-path overlay — which obligation did the step blow through?

Wiz / Tenable / XM Cyber show an attack path. This page renders, for a CISA-advisory-sourced path on a given sector, the full chain per step. The differentiator: every step pins to the regulatory clock it broke (when one exists). The Black Basta path on Healthcare or Retail renders the typed CISA BOD 22-01 / KEV obligation diamond on step 2 — not as narrative, as data with a source pin.

Overlays
27
Renderable
23
Deferred
4
Sectors
7
House Rule 1 Every rendered claim pins to a primary source. Trust Failures without an in-scope hardening control surface as uncovered — not as silence. The obligation diamond cites a real framework + provision id; if no regulatory clock applies, the slot renders empty rather than fabricating.

Defense (CMMC contractor)

Energy & Utilities

Federal Civilian

Financial Services

Healthcare

Manufacturing

Retail