GRC Import
‎10-11-2016 12:56 PM
I noticed a feature to import stuff from UCF; is there a way to import other data, or are there predefined controls based off of the authority (NIST 800-53), since the UCF database is not maintained and not crosswalked to industry standards?
Also, is there a SAG that covers the GRC features more in depth and scenario-based instead of the wiki?
Thanks.
‎10-11-2016 01:09 PM
The UCF has several hundred different standards and frameworks from around the world. You should download the UCF into your instance and do some searching for different standards you might be looking for. You can download NIST 800-53 controls as well. The UCF is absolutely maintained on a quarterly basis and controls are linked across standards/frameworks. For example, if a control in NIST is the same control under ISO, there is a Master control tied to each Authority document. There are several videos regarding GRC online for more details. Hope this helps.
Tom
‎10-12-2016 05:11 AM
Tom,
Thank you for the response. UCF is not maintained quarterly (PCI is still on version 3.1, for example). Additionally, it is not accurate (FedRAMP is 100% NIST 800-53 and does not reflect that). You are better off downloading the crosswalks that are applicable to yourself and saving the $5k+ for your company or organization. Each discipline usually has its own crosswalk for free.
However, my question is how can you import your own control set? I believe I read that you can import a spreadsheet and go from there. Or does ServiceNow have that plugin made already? I am trying not to spend 80 hours watching videos; I would prefer a SAG that covers every situation which glorifies the functionality of ServiceNow GRC. Thanks.
‎10-12-2016 06:29 AM
You can import your own controls. I used to import NIST and FedRAMP controls prior to the UCF integration. There are several ways to import these, but the easiest is to use the Load Data menu and import the spreadsheet and map to the Controls table.
‎10-13-2016 10:15 AM
Thank you. Were you able to find any good tutorials or did you just "wing" it?