Record of Processing Activities
Transfer Impact Assessment
Privacy Impact Assessment
Cybersecurity Controls
Cybersecurity Risk Management
Interactive Awareness ProgramUnicis Apps
CSC — Cybersecurity Controls for Jira — Docs
Multi-framework cybersecurity control tracking and GAP analysis app for Atlassian Jira Cloud.
The Cybersecurity Controls (CSC) for Jira is an enterprise-ready solution that provides a comprehensive set of baseline security controls embedded directly in Jira Cloud. It enables organizations to assess, track, and improve their cybersecurity posture using industry-recognized frameworks, while using existing Jira issues as evidence for control implementation.
Demo
Supported Frameworks
| Framework | Description |
|---|---|
| MVSP v1.0 | Minimum Viable Secure Product — baseline B2B security checklist |
| ISO/IEC 27001& 2022 | Information Security Management System |
| NIST CSF 2.0 | NIST Cybersecurity Framework |
| EU NIS2 Directive | EU Critical Infrastructure Cybersecurity |
| GDPR | General Data Protection Regulation |
| CIS Controls v8.1 | CIS Critical Security Controls |
| SOC 2 | Service Organization Control 2 |
| C5 | Cloud Computing Compliance Controls Catalogue |
| OWASP ASVS | Application Security Verification Standard |
Features
- Assign the CSC app to one or more Jira projects
- Link multiple Jira issues as evidence for each control requirement
- Interactive dashboard with pie chart and radar (maturity) charts
- Filter controls by section, control name, and status
- Multi-project support with a unified dashboard across all assigned projects
Requirements
- Atlassian Jira Cloud (not available for Server or Data Center)
- Requires read, write, manage, and storage access to your Jira account
- All data is stored in your Atlassian Cloud instance — not shared with Unicis
Installation
Install from the Atlassian Marketplace.
Configuration
- Click Apps → Manage your apps
- Under APPS on the side panel, click Cybersecurity Control Settings
- Select your Framework control from the dropdown
- Click Add Project to assign Jira projects
Available action per project:
- Delete — removes the project from CSC
Dashboard
Access the dashboard:
- Jira Software project: Select Cybersecurity Controls Dashboard on the left sidebar
- Jira Business project: Select from Apps → Cybersecurity Control Dashboard in the top menu
Charts
- Pie chart — distribution of control statuses as a proportion of all controls
- Radar chart — security maturity levels per domain, based on ISO/IEC 21827
Controls Table
| Column | Description |
|---|---|
| Code | Framework code, e.g. MVSP-1.1 |
| Section | Domain or section, e.g. Business Controls, Application Design Controls |
| Control | Control name, e.g. Training, Self-assessment |
| Requirements | What must be set up and put into practice |
| Status | Current maturity level (dropdown) |
| Tickets | Linked Jira issues as evidence (dropdown selection from project issues) |
Maturity Levels (ISO/IEC 21827)
Maturity level is based on ISO/IEC 21827
— Systems Security Engineering — Capability Maturity Model:| Status | Meaning |
|---|---|
| Unknown | Has not been checked yet |
| Not Applicable | Management has determined this can be ignored |
| Not Performed | Complete lack of recognizable policy, procedure, or control |
| Performed Informally | Development barely started; requires significant work |
| Planned | Progressing but not yet complete |
| Well Defined | Mostly complete; detail lacking or not yet actively enforced by management |
| Quantitatively Controlled | Complete; implemented and recently started operating |
| Continuously Improving | Fully satisfied; actively monitored with substantial auditor evidence |
Add a Control from a Jira Issue
- Open a Jira issue
- Click the CSC logo icon in the issue panel menu
- Select a control from the dropdown in the format:
CODE: Section, Control name- Example:
MVSP-1.5: Business controls, Training
- Example:
- Click + Add Control to add more controls to the same issue
- Click the trash icon next to a specific control to remove it individually
Activity / Audit Log
Access logs by opening the Jira ticket → Activity → Activity logs of CSC.
Log format examples:
[Author] created the Cybersecurity Controls 1/5/2023 3:29:09 PM
[Author] changed the control M/DD/YYYY H:MM AM/PM
MVSP-1.1, Business controls, Vulnerability reports → MVSP-1.3, Business controls, Self-assessmentLogged events: Initial, Created, Added, Removed, Changed
Pricing
See the Atlassian Marketplace Apps pricing page.
Permissions
CSC performs the following actions on behalf of the user:
- Read and write to app storage (App Storage scope)
- Create and manage Jira issues
- Create and edit issues in Jira, post comments, create worklogs, and delete issues
- Manage project settings and create project-level objects (versions, components)
- View active user profile
- View Jira project and issue data
Technical Details
Built on Atlassian Forge UI Kit components using:
ProjectPageIssuePanelIssueActivityAdminPage
Required OAuth scopes:
read:jira-work
write:jira-work
manage:jira-project
storage:appChangelog
v.3.3.0
Minor version update and bug fixes:
- Implemented pagination for fetching all projects.
- Implemented pagination for fetching users.
- Fixed the “Add project” modal: the project dropdown is no longer clipped by the modal container.
- Enabled audit logs (replaced the previous placeholder).
v.3.2.0
Add multilpe framework support and additional frameworks: GDPR, EU NIS2, CIS Framework, C5, SOC 2 and OWASP ASVS.
v.3.1.0
Minor version update.
v.3.0.0
Required scopes changed.
v.2.5.0
Minor bug fixes and improvement.
v.2.4.0
Added new NIST Cybersecurity Framework 2.0
v.2.3.0
Implement Dark Theme.
Implementing ISO/IEC 27001
and ISO/IEC 27001security controls.v.2.2.0
Patched security vulnerability
v2.13.0
Minor fixes
v2.1.0
First release with MVP scope