My Standards

Introduction

You can create custom compliance standards tailored to your business needs, standards, and organizational policies. These standards are visible only to users within the tenant. You can also edit or delete existing standards, depending on your role and access policies.

  1. Click Compliance > Standards.
  2. Click the Standards (Marketplace) dropdown > My Standards.

The My Standards window appears.

  1. To select the tenant, click Controls > Add Control Objectives.
  2. Click Bulk.
  3. Select the tenant to replicate controls for a specific account.
  4. Click Browse and upload the Excel sheet.
  5. Click Save controls. The controls will be created for the selected tenants.
  6. For permission validation, while creating the standard, select the Engine Type. The permissions will be mapped based on the engine type.

NOTE: When you upload an Excel sheet that refers to policies in our marketplace, any policy that has a default value is configured with that default. You can change the values at any time.

The following sample JSON implements a My Standards model.

{
  "control_action_attributes": {
    "action_method": {
      "optional": false,
      "ui-text-element": "dropdown",
      "allowed_values": [
        "Report",
        "Policy",
        "Validation",
        "Monitoring",
        "checklist"
      ],
      "filter": false,
      "position": 5,
      "label": "Control action method",
      "type": "string"
    },
    "nature": {
      "optional": false,
      "ui-text-element": "dropdown",
      "allowed_values": [
        "Manual",
        "Automated"
      ],
      "filter": true,
      "position": 2,
      "label": "Control action nature",
      "type": "string"
    },
    "purpose": {
      "optional": false,
      "ui-text-element": "dropdown",
      "allowed_values": [
        "Preventive",
        "Detective"
      ],
      "filter": false,
      "position": 3,
      "label": "Control action purpose",
      "type": "string"
    },
    "classification": {
      "optional": false,
      "ui-text-element": "dropdown",
      "allowed_values": [
        "Process",
        "Technical"
      ],
      "filter": false,
      "position": 4,
      "label": "Control action classification",
      "type": "string"
    },
    "level": {
      "optional": false,
      "ui-text-element": "dropdown",
      "allowed_values": [
        "Cloud account",
        "Organization",
        "Resource",
        "OS"
      ],
      "filter": true,
      "position": 1,
      "label": "Control action level",
      "type": "string"
    }
  },
  "control_attributes": {
    "Security_Control_Clause": {
      "optional": false,
      "ui-text-element": "dropdown",
      "allowed_values": [
        "5. Security policy",
        "6. Organization of information security",
        "7. Human resources security",
        "8. Asset management",
        "9. Access control",
        "10. Cryptography",
        "12. Operations security",
        "13. Communications security",
        "14. System acquistion, development and maintenance",
        "15. Supplier relationships",
        "16. Information security incident management",
        "17. Information security aspects of business continuity management",
        "18. Compliance"
      ],
      "abstracted-name": "Category",
      "position": 1,
      "label": "Security Control Clause",
      "type": "string"
    },
    "Security_Category": {
      "type": "string",
      "ui-text-element": "dropdown",
      "label": "Security Category",
      "abstracted-name": "Subcategory",
      "filter": true,
      "position": 2,
      "allowed_values": [
        "5.1 Information Security Policy",
        "6.1 internal organization",
        "6.2 Mobile devices and teleworking",
        "7.1 Prior to employment",
        "7.2 During employment",
        "7.3 Termination and change of employment",
        "8.1 Responsibility for assets",
        "9.1 Business requirements of access control",
        "9.2 User access management",
        "9.3 User responsibilities",
        "9.4 System and application access control",
        "10.1 Cryptography controls",
        "12.1 Operational procedures and responsibiities",
        "12.2 Protection from malware",
        "12.3 Backup",
        "12.4 Logging and monitoring",
        "12.5 Control of operational software",
        "12.6 Technical vulnerability management",
        "12.7 Information system audit considerations",
        "13.1 Network security management",
        "13.2 Information transfer",
        "14.1 Security requirements of information systems",
        "14.2 Security in development and support processes",
        "14.3 Test Data",
        "15.1 Information security in supplier relationships",
        "15.2 Supplier service delivery management",
        "16.1 Management of information security incidents and improvements",
        "17.1 Information Security Continuity",
        "17.2 Redundancies",
        "18.1 Compliance with legal and contractual requirements",
        "18.2 Information security reviews"
      ],
      "optional": false
    },
    "Control_Objective": {
      "type": "string",
      "ui-text-element": "text-area",
      "label": "Control Objective",
      "filter": false,
      "position": 3,
      "abstracted-name": "Control Name",
      "purpose": "compliance_control_name",
      "optional": false
    },
    "description": {
      "type": "string",
      "ui-text-element": "text-area",
      "label": "Description",
      "filter": false,
      "position": 4,
      "optional": false
    }
  }
}
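
An added example, not part of the original page or the product: a Python pre-upload check that validates one control record against a model of this shape. It assumes "optional": false marks a required field and "allowed_values" is an exact-match list; MODEL is a trimmed, constructed copy of the sample above, and the clause/category numbering check is an extra consistency rule inferred from the sample values, not documented platform behavior.

```python
import json

# Constructed, trimmed copy of the sample model (only a few allowed values kept).
MODEL = json.loads("""
{"control_action_attributes": {
   "nature": {"optional": false, "ui-text-element": "dropdown", "type": "string",
              "allowed_values": ["Manual", "Automated"]},
   "level":  {"optional": false, "ui-text-element": "dropdown", "type": "string",
              "allowed_values": ["Cloud account", "Organization", "Resource", "OS"]}},
 "control_attributes": {
   "Security_Control_Clause": {"optional": false, "ui-text-element": "dropdown",
              "type": "string",
              "allowed_values": ["9. Access control", "12. Operations security"]},
   "Security_Category": {"optional": false, "ui-text-element": "dropdown",
              "type": "string",
              "allowed_values": ["9.2 User access management",
                                 "12.4 Logging and monitoring"]},
   "Control_Objective": {"optional": false, "ui-text-element": "text-area",
              "type": "string"}}}
""")


def validate_record(model, group, record):
    """Return a list of problems for one record checked against one attribute group."""
    problems = []
    spec = model[group]
    for name, attr in spec.items():
        value = record.get(name)
        if value in (None, ""):
            # Assumption: "optional": false means the field must be filled in.
            if not attr.get("optional", False):
                problems.append(f"{name}: required value missing")
            continue
        if attr.get("type") == "string" and not isinstance(value, str):
            problems.append(f"{name}: expected string")
        elif "allowed_values" in attr and value not in attr["allowed_values"]:
            problems.append(f"{name}: {value!r} not in allowed_values")
    # Fields the model does not define are reported rather than silently dropped.
    problems += [f"{key}: not defined in model" for key in record if key not in spec]
    # Inferred rule: category "9.2 ..." belongs under clause "9. ...".
    clause = record.get("Security_Control_Clause")
    category = record.get("Security_Category")
    if isinstance(clause, str) and isinstance(category, str):
        if clause.split(".")[0] != category.split(".")[0]:
            problems.append("Security_Category: numbered under a different clause")
    return problems
```

Running each row of the bulk sheet through validate_record before upload surfaces case mismatches such as "manual" versus "Manual" and categories filed under the wrong clause.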
