Post

2 followers Follow
0
Vote
Avatar

Clarification of/on Control Changes

Would it be possible when controls are deprecated to advise what the new controls are? Or, if not changed in whole, which parts went where?

For example, when downloading a new build (based on the same authority documents from my first build), I found that a formerly mandated control (#00892) is missing, but a new control (#11749) is now mandated. The thing is, I had to figure out that #00892 is deprecated and discern the new mapping. Can that be provided when a control is deprecated or "included to maintain the legal hierarchy for your selected controls"?

Also, I found some brand new mandated controls in my new build: 00359, 01366, 13112, & 13353

Why were these not in the original build? The authority documents are still the same version? Were these oversights that are being resolved?

Finally, I found some controls that just went away entirely from my build: 11926 & 00700

Similar to above, if the authority documents did not change, why is the control set growing AND shrinking?

 

John Maguire Answered

Official comment

Avatar

Hi John,
Thanks for reaching out to us. We apologize for the issues you have faced with content updates.


We have previously made announcements of these types of updates in our newsletter, and we are currently developing a better methodology for communicating content updates to our users.


We have issued your CCH account a build credit.


Recent Content Updates


We recently released refreshed mappings of some older documents that were mapped before our current tagging system. These are the documents we refreshed: COBIT 4.1, GDPR, and the NIST 800-53r4 documents.


The changes in each document fall into 4 categories:

  1. New Citations,
  2. New Common Control matches,
  3. Redacted Citations,
  4. Citation Reference changes.


How will these changes show up in the CCH?


CCH AD lists will automatically be updated. Generated builds are static and will result in the following differences:

  1. New Citations = new Common Controls that don’t exist in older builds
  2. New Common Control matches = Common Controls that no longer exist in newer builds and new Common Controls that don’t exist in older builds
  3. Redacted citations = Citations and Common Control matches from older builds won’t exist in newer builds
  4. Citation Reference Changes = Newer builds will have different guidance(text) associated with Citation References in older builds


What does this mean for you?


If you have one if these documents in any of your builds you will need to create new builds.


If you use GRC tools you will need to reimport any lists containing these documents to your GRC tools.


If you have any further questions, please contact support at support@commoncontrolshub.com or our sales team at sales@unifiedcompliance.com
Thanks!

Damaris Iglesias

Please sign in to leave a comment.

1 comment