Hi all,
We are currently users of the Policy and Compliance module and are looking to start using the CAMs module but found that they don't really seem to interact with each other.
The root cause of the issue is around entities and how Controls are generated within the CAMs module. For example if you make a entity for "Salesforce" to create controls for in Policy and Compliance and you create an authorization boundary for "Salesforce" in CAMs, it creates a brand new entity for that authorization boundary even though represent the same thing.
This makes it hard to run reports on how compliant an application is as there will now be two entities called "sales force" each with their own score. Additionally, in our case there are policies that have control objectives that are derived from NIST and now they will have to attested to twice for the same control objective
Has anyone had to work around this?
Thanks
Joshua Anderson
