Implementing and monitoring controls is essential for all present-day organizations, as cyber threats/attacks are at an all-time high. You can create, edit and manage your controls within ControlMap to make sure you and your team are prepared in the event of a security breach.
Control Sets are not automatically generated when a new Command Center is created, but you can import a defined set of controls from NIST, CSA, CIS or our own recommended Baseline Controls from the Controls section. Just select “Import Pre-loaded Controls Sets,” and then select Import under the set that you’d like to add to the instance.
Control Sets and Control Families
If you’d like to import additional control sets, you can do so by selecting + New Control Set in the upper right corner of the page in the Controls section and filling out the required information. Once the container has been created, you can import the control set into the container from the associated 3-dot options menu by selecting Import Controls from library.
Controls are organized within Control Families in ControlMap, and a “Family” is essentially a group of controls related to the same subject (Asset Management, Privacy, Risk Management, etc.). To view the controls within a family, just select the hyperlinked # Controls below the bolded title of the Control Family.
Working with Controls
Implementing individual controls within control families is an important step in your compliance journey, and our platform helps you and your team track the status of the controls' implementation. You can also assign risks, associate evidence with the controls and perform automated audits within the platform to see if your controls are working as intended.
After selecting the hyperlinked # Controls, you should see the controls within the control family listed in a grid view. This view displays:
1. The status of whether or not the control has been implemented.
2. Whether the control has passed an automated audit.
3. The evidence associated with the control.
4. Which framework requirements are linked to the control.
5. Any comments posted about the control from other users in the instance.
Select the individual control from the Control Name column to make additional changes to the control. There are five sections within the control that you can modify:
This section lets you edit the description of the control (which you can do by clicking the text field), add notes about the control’s implementation and link documents to the control. The Attach button, in the upper right corner of the section (to the left of the Properties sidebar), lets you link various documents, reports and issues to the control.
The Evidence section lets you link, unlink, create and delete evidence related to the control. Use the Attach button to link existing evidence or use the New dropdown menu to create new evidence. You can also use the options menu to edit, delete or unlink the corresponding evidence.
You can link an existing risk to the control via the Attach button or create a new risk from the New dropdown menu. You can unlink the risk from the control by selecting Unlink for the associated risk.
If you've added a framework to your instance, the Mappings section should list the objectives for that particular framework. If you need to add additional objectives to the control, you can do so by selecting Requirements from the Attach menu.
Use the Settings section to set the automated control testing frequency and establish the type for the control.
The Properties sidebar lets you:
1. Track the implementation status of the control.
2. Set the owner (the individual responsible for managing the control).
3. Assign the control to a team.
4. Add contributors.
5. Confirm the effectiveness of the control.
6. Establish the priority for implementing the control.
7. Add tags for searchability.
You can also select the Why? hyperlink below the Automated Test section to see why the control is failing.
If you have any questions about Controls that aren't covered in this article, please contact email@example.com for additional assistance.