The RSA Archer Control Standards library consists of over 1,200 best-practice control standards organized through a custom GRC taxonomy developed specifically to align with multiple best-practice external standards and benchmarks.
Control standards specify a particular course of action or response to a given situation. They are topical rather than tactical, serving as management level guidelines that provide specifications for the implementation of corporate policies intended to drive compliance with internal and external corporate objectives.
The Archer Control Standards library is linked to several other Archer libraries such as Policies, Authoritative Sources, and Control Procedures. This provides both a common connection fabric and aggregation point for measuring performance of policy and compliance activities. For example:
Control standard "ATCS-027: Risk Assessment Process" is mapped to hierarchical policy record 0 Risk Management Policy > 02.3 Risk Assessments > 02.3.01 Risk Assessment Process.
This same control standard is also cross-mapped to several hundred different authoritative source references, such as ("FFIEC Information Security Booklet > 0 Information Security Risk Assessment").
The benefit of this mapping process is it allows organizations to:
Understand which controls they need to implement to comply from a regulation standpoint, or from a corporate policy and best practice
Identify and manage key stakeholder ownership and automate both the process of implementing industry standards across the organization, and training employees on those best
Simplify risk and compliance performance measurement, monitoring and
This content is available in the following languages:
Mappings for the RSA Archer Control Standard Library are mapped to policies and authoritative sources which are available in the RSA Archer Policy Library and authoritative source content packs.
The RSA Archer Control Standard Libraryis available with the use of the RSA Archer Policy Program Management, RSA Archer IT Policy Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.
For More Information
To learn more about the RSA Archer Control Standard LibraryContent:
To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at email@example.com for more information.