Cybersecurity Management System (CSC) — Docs

The Cybersecurity Management System (CSC) module provides a comprehensive set of baseline security controls to safeguard against cyber threats. It supports multiple compliance frameworks, enabling organizations to assess their security posture, track control implementation, and perform GAP analysis.

Supported Frameworks

Framework availability by subscription plan:

And many more see on Frameworks page.

Multi-framework selection by plan:

• Community — access to one cybersecurity framework
• Premium — select and manage up to three frameworks simultaneously
• Ultimate — access to all frameworks with full multi-framework integration and cross-mapping support

Dashboard

The CSC dashboard is divided into two sections.

Charts

1. Pie chart — distribution of control statuses as a proportion of all controls
2. Radar chart — security maturity levels per domain, based on ISO/IEC 21827:2008 methodology

Controls Table

The controls table and the section navigation rail are presented together in a single card. The section rail (left-side index of framework domains) is visible on large screens (lg: and above) and hidden on mobile — use the table directly on narrow viewports.

Controls Mapping

Controls Mapping provides cross-framework visibility by linking related controls across different standards. When two or more frameworks are active, the platform automatically identifies and surfaces connections between their controls.

Mapped Control Count

Each control displays the number of controls from other active frameworks it is mapped to. This gives an at-a-glance indication of cross-framework coverage without leaving the controls table.

Detailed Relationship View

Clicking on a mapped control opens a detailed view showing exactly which controls from other frameworks are linked. This allows you to understand shared obligations and avoid duplicating evidence collection across standards.

Linked Tasks

Mapped controls also surface the tasks already linked to their counterparts in other frameworks. This means evidence captured for one framework’s control is immediately visible when reviewing the corresponding control in another — reducing redundant work.

Controls Mapping Matrix

The Controls Mapping Matrix provides a full visual overview of the mapping status between any two active frameworks. It renders as a grid where rows represent controls from one framework and columns represent controls from another, with each cell indicating whether a mapping exists.

Use the matrix to:

• Identify gaps — controls in one framework with no mapped equivalent in another
• Spot overlaps — a single implementation effort that satisfies requirements in multiple standards
• Accelerate onboarding — when adding a new framework, understand which existing controls already provide coverage

Statement of Applicability (SoA)

The Statement of Applicability documents which controls from a selected framework apply to your organization, along with their implementation status and justification.

The SoA can be exported directly from the platform in the following formats:

• HTML — for web-based sharing and online documentation
• PDF — for formal submissions, auditor packages, and archiving
• Excel — for offline review, annotation, and stakeholder distribution
• OpenDocument (.ods) — for compatibility with open-source spreadsheet applications

The export reflects the current state of your control selections, ensuring the SoA stays in sync with your compliance posture without any manual rebuild in external tools.

Maturity Levels (ISO/IEC 21827:2008)

Maturity level is based on ISO/IEC 21827:2008 - Systems Security Engineering - Capability Maturity Model:

Task Import Templates

Task import templates generate tasks directly from the controls of your enabled CSC frameworks. Each generated task is automatically linked to its corresponding control, providing a fast way to bootstrap compliance work.

To import tasks from a template:

1. Navigate to All Tasks
2. Click Import from Template
3. Select the framework to generate tasks from
4. Confirm the import

Add a Control to a Task

From a task in edit mode, open the Cybersecurity Controls tab:

1. Select a control from the dropdown (format: CODE: Section, Control name, e.g. MVSP-1.5: Business controls, Training)
2. Set the Status — if the control has an Unknown status, a dialog prompts you to set the maturity level immediately
3. Read the control requirements
4. Add additional controls with + Add Control
5. Remove a specific control with the Remove button next to it

Bulk Linking to Mapped Controls

When multiple frameworks are active, linking a task to a control can be extended to all mapped controls across other enabled frameworks. The platform supports both per-control and bulk linking. When using bulk linking, the status from the source control is automatically propagated to all mapped target controls, reducing duplicate effort across frameworks.

Delete

Controls associated with a task can be deleted individually by clicking Remove next to the specific control, or all controls can be cleared by deleting the associated task.

REST API

The CSC module is fully covered by the Unicis REST API. The following endpoints are available (authentication via Bearer token):

For the full reference and an interactive Swagger UI, visit /api-docs on your Unicis Platform instance.

Activity Logs

Access audit logs by opening the associated task and navigating to Audit Logs → Cybersecurity Audit Logs.

Logged events:

• Created
• Updated
• Deleted