6.4 SP1 upgraded
we completed the upgrade in our development enviroment to 6.4 spa 1, it is a big change to the control assurance use case. Please help me with the below questions:
1- what is the deferents between control procedures and master control list?
2- The control set is a new field and it is not populated with any value (no selection) to all 13,000 control procedures and master list. It is required in order to scope controls in the compliance engagement, so what is the right thing to do? Bluk update? Manual update? Or am i messing something?
3- i am not sure why application, business process.... is required when generating controls throught the control generator application? And it will generate x number of controls for x number of applications?
- 6.4 SP1
- Community Thread
- controls assurance use case
- Forum Thread
- RSA Archer
- RSA Archer Suite
- Solutions and Use Cases
I hope you're doing well. I wanted to take a chance to respond to your queries.
1. Master Controls was added to the use case to enable companies to have a hierarchy of Controls. Master Controls act as the source of truth for a control and then Control Procedures act as the places within the company that controls have been implemented and may have different owners or applications, etc.
2. For the Controls your organization wants to use/implement, I'd recommend updating them using a bulk update for the specific authoritative sources your organization needs to report on.
3. The Control Generator application is intended to allow companies to instantiate the controls across multiple applications, devices, business processes, business units, etc. So it inspects items tagged against the master control based on what you select and creates a copy of the Master Control based on identified relationships with the elements you select.