SCF Controls #1384

Open
BobbyMoore opened this issue Jan 19, 2025 · 1 comment
Labels
question Further information is requested

Comments

@BobbyMoore

Problem statement

As a new user, the first element I am introduced to is around decoupling:
https://intuitem.gitbook.io/ciso-assistant/guide/understanding-decoupling

The framework requirements are not decoupled, so for someone who has to assess across multiple frameworks at the same time this is a challenge in CISO Assistant. This is, however, apparent in the SCF framework and is a game changer for time and consistency, saving me auditing against the same question multiple times, worded slightly differently between frameworks, i.e., audit NIS2 and CyberEssentials at the same time.

Expected behaviour

  1. Easiest:
    Would it be possible to add:
  • The SCF Reference Controls
  • The SCF 'translations' of common frameworks, as framework templates 'SCF ISO27001:2022'
  • Assuming ISO is the most common, translations from SCF ISO27001:2022 -> SCF NIST2 (as an example)
    I think and hope that reference controls can also be available via a mapping.
  2. Better:
    Mappings appear to be more for an evolution of a framework, as opposed to an active/live mapping per se.
    It'd be good to define multiple frameworks for a requirement/question.
    For example, using the above, if I updated GOV-01 in Framework A, it would be useful to update GOV-01 in Framework B.

Mock
Example of mapped requirements across multiple frameworks

Additional context
Linked to
Linked to - this was whole framework

@BobbyMoore BobbyMoore added the question Further information is requested label Jan 19, 2025
@eric-intuitem
Collaborator

SCF is already available in CISO Assistant.
The mappings provided by SCF are not available under an open license, so we cannot add them.
