Linking controls to Compliance Frameworks
Compliance frameworks are the structures that contain sets of policies, guidelines, and best practices designed to manage your organization's information security risks. Each framework has sets of requirements that are grouped into categories such as logging or access control and management, to which you can link to compliance controls. Controls state what action your organization should take to achieve compliance. You upload evidence to the control to prove that your organization has completed the action.
When you link a control to a compliance requirement, you are given the option of using all the current and future evidence items from the linked control for the gap evaluation of this compliance item. If you select this option, JupiterOne automatically monitors the control in the context of the linked evidence for the requirement.
To link a compliance control to a framework requirement:
In JupiterOne Compliance, click Frameworks in the left navigation pane.
Select the framework that contains the requirement you want to link to a control.
From the requirement summary page, click Link Control.
From the dropdown menu, select the control you want to link.
Select whether to use all the current and future evidence items from the linked control for the gap evaluation of this compliance item.
The control you just linked now appears on the requirement summary page in the list of all linked controls.