Skip to main content
Version: 1.2.2

Cybersecurity Controls

CSC

info

Subcription plan availability:

The Cybersecurity Management System is a comprehensive set of baseline controls to safeguard against cyber threats, including regular security assessments, incident response planning, and vulnerability management. By implementing these best practices, companies can effectively protect their sensitive data and reduce the risk of a data breach.

You will see the following screen depending on the Cybersecurity control framework you selected in Settings.

CSC CSC

The Cybersecurity Management System dashboard is coupled of two sectoins.

Firstly, there are two charts:

  1. A pie chart illustrating the status of cybersecurity controls according to the proportion of controls.
  2. Radar charts show security maturity levels in accordance with ISO/IEC 21827:2008 methodology. Showing multiple data points and the variation between them.

Second section is a table with a list of controls:

  • Code special example of a code: MVSP-1.1
  • Section, for example, Business Controls, Application Design Controls, etc.
  • Control name, for instance Training, Self-asessment, etc.
  • Requirements that must be set up and put into practice
  • Status, as detailed below. Dropdown option.
  • *Tickets/Tasks related to the control, or proof to logs and proof of concept for the control's implementation. Dropdown option for team tasks.
tip

A control may have various tasks, or a control may be linked to several tasks. No limitation.

Frameworks

The Cybersecurity Controls app is based on the following frameworks. See the frameworks documentation for a full list.

Minimum Viable Secure Product

Minimum Viable Secure Product - Controls is a minimal security checklist for B2B software and business process outsourcing suppliers, as well as controls for a Minimum Viable Secure Product.

The checklist was created with simplicity in mind and only includes the measures that must be put in place to guarantee a product has a minimally feasible security posture.

The controls should be implemented at a minimum by all businesses creating B2B software or otherwise managing sensitive information in the broadest sense, and doing more is strongly advised.

info

Available on Community and Premium subscription plan.

ISO/IEC 27001

The goal of an Information Security Management System (ISMS) is to protect the confidentiality & integrity of data and availability. You can use this control on any type of organization. This management system is based on the same high-level structure as other management systems.

The Unicis CSC application provides ISO/IEC 27001 revision controls, which were largely updated in the year 2013 and, most recently, in the year 2022.

The display controls can be filtered by parts using Choose a section or filter by status using Choose a status and the number of controls that will appear on each page, for instance: 5, 10, 25, 50 and 100.

info

Available only on Premium subscription plan.

Status

Maturity level is based on ISO/IEC 21827:2008 Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model:

StatusMeaning
UnknownHas not even been checked yet
Not ApplicableManagement can ignore them
Not PerformedComplete lack of recognizable policy, procedure, control etc.
Performed InformallyDevelopment has barely started and will require significant work to fulfill the requirements
PlannedProgressing nicely but not yet complete
Well DefinedDevelopment is more or less complete, although detail is lacking and/or it is not yet implemented, enforced and actively supported by top management
Quantitatively ControlledDevelopment is complete, the process/control has been implemented and recently started operating
Continuously ImprovingThe requirement is fully satisfied, is operating fully as expected, is being actively monitored and improved, and there is substantial evidence to prove all that to the auditors
tip

The pie chart and the radar map above the table will be recalculated if the status of one of the controls is changed.

Add

In the Tasks edit mode the Cybersecurity Controls tab allows you to add cybersecurity control to a task.

  1. Please select a control from a dropdown option
  2. Add a Status
  3. Read more about control requirements
  4. You can add more controls to a task with the + Add Control button
  5. One may also opt to eliminate a control by clicking on the Remove button.
tip

There is no limit to the controls that can be associated with a task. Consider the task as an evidence, sometimes one evidence can provide proof for multiple controls depending on the framework.

Delete

Activity logs

It can be accessed when you open the associated ticket and on Audit logs sections click CSC Audit logs.

We only display changes of the records, such as:

  • Created
  • Deleted
  • Updated