Control Implementation Description

MB6
Tera Contributor

How are control implementation descriptions handled in policy & compliance as well as continuous authorization? To keep things consistent with SSP, which has both control objective and then control implementation description, control objectives are created in policy & compliance, but where would control implementation descriptions be added for each control objective? When the controls are generated against control objects, they are focused on how each entity is compliant with the control objective rather than being a control implementation description for the SSP control objective.

1 REPLY

Community Alums
Not applicable

Hi @MB6 ,

After you have selected controls for implementation, and performed any of the possible actions on them, you are ready for the Implement step.

Before you begin

Role required: sn_irm_cont_auth.information_type, sn_irm_cont_auth.information_owner, or sn_irm_cont_auth.admin

About this task

When approval was received on the Authorization Package form, a Percentage of controls implemented field and a Controls related list appeared on the form.

The Controls related list contains all of the controls created from the control objectives within the selected authorization boundary.

Procedure

  1. From the list of controls, click the control number (with a CTRL prefix) to open the control.
    1. The implementation process performed by your system owner and other technical or security personnel employs the control management workflow inherent in the base GRC system.
    2. As you are implementing your controls, the Percentage of controls implemented field keeps track of your progress.
    3. After you have completed the implementation process for all of your controls, click Assess to transition the package to the Assess state.

Then you follow:

Assess, authorize, monitor, and generate reports

You can view Continuous Authorization and Monitoring reports and other visualizations on the Overview.

The reports you can view depend on your user role, as follows:
• To view reports available to users with the CAM Administrator [sn_irm_cont_auth.admin] role, navigate to Continuous Authorization and Monitoring > CAM Overview.
• To view reports available to users with the Authorization Official [sn_irm_cont_auth.authorization_official] role, navigate to Continuous Authorization and Monitoring > AO Overview.
• To view reports available to users with the Security Control Assessor [sn_irm_cont_auth.sec_control_assessor] role, navigate to Continuous Authorization and Monitoring > SCA Overview.