‎05-08-2020 05:07 AM
Why do we have control objectives in citations? Can anyone give me an example and explain?
Labels: Policy and Compliance Management

‎05-08-2020 12:06 PM
Simply, the authority document is the parent (header) type record that describes the document itself; the citations are the paragraphs or bullets that make up the authority document; the control objectives are the specific details on what needs to be done.
For example, the auth doc is the NIST 800-53 cyber security framework, the citation is "you should have a strong password", and the control objective is "configure the password policy to use mixed cases and 2FA".
The other benefit is that the control objectives can be harmonized across multiple citations and multiple regulations, giving you the ability to test a single control and show compliance to multiple regulations. This is what we do with the UCF integration.

‎05-08-2020 05:18 AM
This discussion should get you in the right direction.
Understanding the relationship between policies, statements and citations
‎05-08-2020 05:24 AM
Hi Jing,
Thank you for the reply, but I am unable to open that link.

‎05-08-2020 06:30 AM
My bad, here is the correct URL https://community.servicenow.com/community?id=community_question&sys_id=be9d3619db3fe3c0fece0b55ca96...
