Best process for loading authority document, citations, control objectives
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-03-2023 09:33 PM
My organization wants to load IRS 1075 regulations as an authority document with related citations and turn the citations into control objectives. What's the best process to do this? We had a vendor partner assist with the initial creation of our authority documents (NIST 800-53 and CIS v8), and our current control objectives are based on our organizational policies which are based on/inspired by the authority documents.
I'd also like to know how best to create control objectives from NIST 800-53 citations.
Many thanks for your help.
We're currently in San Diego and will be moving to Tokyo a bit later this year.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-05-2023 04:04 AM
Hi@Shirl22 ,
Are you looking for process to import authority documents, citations and control objectives into system? If yes, then first you need to load authority documents and next would be citations associcated with it. And then control objectives needs to be loaded. Control objectives are organizations internal plocies.
Thanks,
Meghashree
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-28-2023 01:55 AM
Hi
If it is not too late, Securitybricks just launched a Free FedRAMP accelerator on the ServiceNow appstore that comes with NIST 800-53 Rev 5 authority documents, citations and control objectives. Feel free to download it from appstore and let us know if you have any questions.
Thanks

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-11-2025 01:29 PM
Hi @Shirl22 ,
It depend but you can streamline the process by using third-party tools like UCF for mapping and importing. If a license for such tools is unavailable, you can proceed with a manual import process instead.
Here are 5 Best Practices for GRC Library Integration with ServiceNow
Test Data Sources Early
Always test load a small batch of records (e.g., 20) from your data source to verify connectivity and format before proceeding with transformations.Use Auto-Mapping for Fields
Leverage the Auto Map Matching Fields feature in Transform Maps to ensure accurate field mapping and reduce manual errors. Double-check critical fields like u_source_id.Set Coalesce Fields Correctly
Define coalesce fields, such as u_source_id, to ensure proper deduplication and linking of records across Authority Documents, Citations, and Control Objectives.Maintain Logical Execution Order
Ensure Transform Maps are executed in ascending order (e.g., 100, 101, 102) to maintain data integrity and proper linkage between imported records.Validate Results After Each Step
After each transform, review imported records to confirm data accuracy and relationships (e.g., Authority Documents linked to Citations and Control Objectives).
If you like this response click helpful,
Thanks,
Mohammed
Mohammed.