What's the purpose of the new "Content Reference" feature/Related List on the Authority Document form?

___miked___ · ‎07-20-2019

What's the purpose of the new "Content Reference" feature/Related List on the Authority Document form? Where can I find documentation on this?

Anushree Randad · ‎07-23-2019

Hi Mike and Jing,

We have added this new related list to all the GRC tables for tagging the content to various frameworks/regulations. For e.g. NIST RMF and NIST CSF related content (controls, policies, policy statements/ control objectives can be tagged as NIST RMF/CSF and you can also tag them to other frameworks/regulations like SOX). Thanks for pointing out that its not documented. We will update it. I hope this helps!

View solution in original post

jing3 · ‎07-22-2019

It looks like it is used by the content packages, such as NIST CSF, and NIST RMF. This might be used if a company have its own Authority Document content.

mikedeandrea · ‎07-22-2019

Thank you Jing. That's interesting. However, those content packs aren't installed.

jing3 · ‎07-23-2019

Hi Mike, Thanks for point it out. I checked you are correct, it looks like it is introduced via GRC: Profiles 7.1.4 upgrade. On the other hand, this update is required by NIST CSF and NIST RMF. Looks like this table, along with others, enables NIST CSF and NIST RMF. I agree with you, no documentation makes it confusing. In another posting, one was trying to use "Content Reference" field to put a given risk statement into different risk frameworks.

How to have a Risk be connected to multiple Frameworks?

I

Anushree Randad · ‎07-23-2019

Hi Mike and Jing,

We have added this new related list to all the GRC tables for tagging the content to various frameworks/regulations. For e.g. NIST RMF and NIST CSF related content (controls, policies, policy statements/ control objectives can be tagged as NIST RMF/CSF and you can also tag them to other frameworks/regulations like SOX). Thanks for pointing out that its not documented. We will update it. I hope this helps!