Best process for loading authority document, citations, control objectives

Shirl22
Tera Contributor

My organization wants to load IRS 1075 regulations as an authority document with related citations and turn the citations into control objectives. What's the best process to do this? We had a vendor partner assist with the initial creation of our authority documents (NIST 800-53 and CIS v8), and our current control objectives are based on our organizational policies which are based on/inspired by the authority documents. 

 

I'd also like to know how best to create control objectives from NIST 800-53 citations. 

 

Many thanks for your help. 

 

We're currently in San Diego and will be moving to Tokyo a bit later this year.

3 REPLIES

Meghashree1
Tera Expert

Hi @Shirl22,

 

Are you looking for a process to import authority documents, citations and control objectives into the system? If yes, then first you need to load the authority documents, and next would be the citations associated with them. And then the control objectives need to be loaded. Control objectives are the organization's internal policies.

 

Thanks,

Meghashree

 

 

Raj Raghavan
Tera Contributor

Hi

 

If it is not too late, Securitybricks just launched a Free FedRAMP accelerator on the ServiceNow appstore that comes with NIST 800-53 Rev 5 authority documents, citations and control objectives.  Feel free to download it from appstore and let us know if you have any questions.

 

Thanks  

Mohammed Kemal
Tera Guru

Hi @Shirl22 ,

It depends, but you can streamline the process by using third-party tools like UCF for mapping and importing. If a license for such tools is unavailable, you can proceed with a manual import process instead.

Here are 5 Best Practices for GRC Library Integration with ServiceNow:

  1. Test Data Sources Early
    Always test load a small batch of records (e.g., 20) from your data source to verify connectivity and format before proceeding with transformations.

  2. Use Auto-Mapping for Fields
    Leverage the Auto Map Matching Fields feature in Transform Maps to ensure accurate field mapping and reduce manual errors. Double-check critical fields like u_source_id.

  3. Set Coalesce Fields Correctly
    Define coalesce fields, such as u_source_id, to ensure proper deduplication and linking of records across Authority Documents, Citations, and Control Objectives.

  4. Maintain Logical Execution Order
    Ensure Transform Maps are executed in ascending order (e.g., 100, 101, 102) to maintain data integrity and proper linkage between imported records.

  5. Validate Results After Each Step
    After each transform, review imported records to confirm data accuracy and relationships (e.g., Authority Documents linked to Citations and Control Objectives).

If you like this response click helpful,

Thanks,

Mohammed

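The coalesce, ordering and validation points in the reply above can be checked on the source files before anything is loaded. The following is an added example, not part of the thread or of any ServiceNow code: it assumes three CSV batches with constructed sample rows, and the reference columns `u_authority_document` and `u_citations` are hypothetical names (only `u_source_id` comes from the thread).

```python
import csv, io
from collections import Counter

# Constructed sample batches. Only u_source_id comes from the thread; the
# u_authority_document and u_citations columns are hypothetical names.
AUTHORITY_DOCS = """u_source_id,name
AD-IRS1075,IRS Publication 1075
"""
CITATIONS = """u_source_id,name,u_authority_document
CIT-001,Sample citation A,AD-IRS1075
CIT-002,Sample citation B,AD-IRS1075
CIT-002,Sample citation B (repeat),AD-IRS1075
CIT-003,Sample citation C,AD-NIST
"""
CONTROL_OBJECTIVES = """u_source_id,name,u_citations
CO-001,Sample objective A,CIT-001
CO-002,Sample objective B,CIT-001;CIT-009
,Sample objective C,CIT-002
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def check_batch(label, batch, parent_col=None, parent_ids=frozenset()):
    """Return (findings, ids): empty or repeated coalesce keys, unknown parents."""
    findings = []
    ids = [r["u_source_id"].strip() for r in batch]
    for n, sid in enumerate(ids, start=2):  # line 1 is the CSV header
        if not sid:
            findings.append(f"{label} line {n}: empty u_source_id")
    for sid, count in Counter(i for i in ids if i).items():
        if count > 1:  # a repeated coalesce key updates a record instead of inserting
            findings.append(f"{label}: u_source_id {sid} appears {count} times")
    if parent_col:
        for n, r in enumerate(batch, start=2):
            for ref in filter(None, (p.strip() for p in r[parent_col].split(";"))):
                if ref not in parent_ids:
                    findings.append(f"{label} line {n}: unknown {parent_col} {ref}")
    return findings, frozenset(i for i in ids if i)

def preflight():
    # Same order as the load: authority documents, citations, control objectives.
    f1, doc_ids = check_batch("authority_docs", rows(AUTHORITY_DOCS))
    f2, cit_ids = check_batch("citations", rows(CITATIONS), "u_authority_document", doc_ids)
    f3, _ = check_batch("control_objectives", rows(CONTROL_OBJECTIVES), "u_citations", cit_ids)
    return f1 + f2 + f3

if __name__ == "__main__":
    print("\n".join(preflight()) or "no findings")
```

On the sample data this reports one repeated key, one empty key and two references to records that are not in the preceding batch, which are the cases that would otherwise surface only as missing or mislinked records after the transforms run.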