on Apr 27, 2018
The RSA Archer Control Standards library consists of over 1,200 best-practice control standards organized through a custom GRC taxonomy developed specifically to align with multiple best-practice external standards and benchmarks.
Control standards specify a particular course of action or response to a given situation. They are topical rather than tactical, serving as management level guidelines that provide specifications for the implementation of corporate policies intended to drive compliance with internal and external corporate objectives.
The Archer Control Standards library is linked to several other Archer libraries such as Policies, Authoritative Sources, and Control Procedures. This provides both a common connection fabric and aggregation point for measuring performance of policy and compliance activities. For example:
- Control standard "ATCS-027: Risk Assessment Process" is mapped to hierarchical policy record 0 Risk Management Policy > 02.3 Risk Assessments > 02.3.01 Risk Assessment Process.
- This same control standard is also cross-mapped to several hundred different authoritative source references, such as ("FFIEC Information Security Booklet > 0 Information Security Risk Assessment").
The benefit of this mapping process is it allows organizations to:
- Understand which controls they need to implement to comply from a regulation standpoint, or from a corporate policy and best practice
- Identify and manage key stakeholder ownership and automate both the process of implementing industry standards across the organization, and training employees on those best
- Simplify risk and compliance performance measurement, monitoring and
Languages
This content is available in the following languages:
- English
- French
- German
- Italian
- Japanese
- Portuguese
- Russian
- Simplified Chinese
- Spanish.
Mappings
Mappings for the RSA Archer Control Standard Library are mapped to policies and authoritative sources which are available in the RSA Archer Policy Library and authoritative source content packs.
Licensing Restrictions
The RSA Archer Control Standard Library is available with the use of the RSA Archer Policy Program Management, RSA Archer Controls Monitoring Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.
For Additional Support
To learn more about this content, please contact your Account Rep for additional details. To obtain this content or for technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.