Control Implementation Description
‎07-19-2023 03:19 PM
How are control implementation descriptions handled in policy & compliance as well as continuous authorization? To keep things consistent with SSP, which has both control objective and then control implementation description, control objectives are created in policy & compliance, but where would control implementation descriptions be added for each control objective? When the controls are generated against control objects, they are focused on how each entity is compliant with the control objective rather than being a control implementation description for the SSP control objective.
‎07-19-2023 09:04 PM
Hi @MB6 ,
After you have selected controls for implementation, and performed any of the possible actions on them, you are ready for the Implement step.
Before you begin
Role required: sn_irm_cont_auth.information_type, sn_irm_cont_auth.information_owner, or sn_irm_cont_auth.admin
About this task
The Controls related list contains all of the controls created from the control objectives within the selected authorization boundary.
Procedure
- From the list of controls, click the control number (with a CTRL prefix) to open the control.
- The implementation process performed by your system owner and other technical or security personnel employs the control management workflow inherent in the base GRC system.
For details, see the following:
- As you are implementing your controls, the Percentage of controls implemented field keeps track of your progress.
- After you have completed the implementation process for all of your controls, click Assess to transition the package to the Assess state.
Then you follow:
Assess, authorize, monitor, and generate reports
You can view Continuous Authorization and Monitoring reports and other visualizations on the Overview.
The reports you can view depend on your user role, as follows:
- To view reports available to users with the CAM Administrator [sn_irm_cont_auth.admin] role, navigate to Continuous Authorization and Monitoring > CAM Overview.
- To view reports available to users with the Authorization Official [sn_irm_cont_auth.authorization_official] role, navigate to Continuous Authorization and Monitoring > AO Overview.
- To view reports available to users with the Security Control Assessor [sn_irm_cont_auth.sec_control_assessor] role, navigate to Continuous Authorization and Monitoring > SCA Overview.