-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mapping Frameworks #185
Comments
@ab-smith Do you think this documentation/data-model.md model is sufficient enough in the long run? Initial situation:
Goal:
Current Model:
|
Hey, sorry @42mst I missed your comment on this one. As a matter of fact, what we are building currently is pretty close to what you're describing using a graph representation; for instance: ![]() we will set the filled arrows, and the dashed ones will be deduced. makes sense? |
@ab-smith Doing this in combination with the #240 will be a gamechanger. |
Hey, we will use the existing mappings as a starting point and keep the same approach of letting the community review and enrich them |
By mapping, can it be used in a way that - having 1 evidence connected to existing Standard (i.e. ISO27001) we will map same evidence to NIST. And if evidence changes it will apply to 2 standards. Currently i have found difficult to control evidence that are mapped to several standards. |
@AndrzejRPiotrowski as a matter of fact, our recommendation is to have evidences attached to applied controls rather than the requirements and it will offers a better reusability and ease of mapping. |
@ab-smith Thinking here if naming convention should be added |
Frameworks don't overlap necessarily, but if it can get half the work pre-done, it's a win
Multiple frameworks already have part of it done and we can improve that
The text was updated successfully, but these errors were encountered: