CYRISMA’s GRC and Compliance Assessment Module is Expanding!

Update: August 29, 2024

Over the past two weeks, we added four more frameworks / privacy standards to the CYRISMA GRC module – PCI DSS, HIPAA, the NIST Cybersecurity Framework, and the ACSC’s Essential Eight For all frameworks included in the GRC module (the four mentioned above and the CIS Controls), CYRISMA users will have the ability to:

• Assess implementation status of ALL requirements, find areas of non-compliance
• Auto-track tactical controls implemented using CYRISMA’s scans
• Assign tasks and set deadlines, upload evidence documents
• Generate detailed assessment reports with customizable recommendations

August 1, 2024

In April this year, we released our popular Microsoft Copilot Readiness Assessment feature, which allows users to examine their Copilot readiness in four main areas: User Information, Organizational Profile, Productivity Tools and Data Security.

Now, with our recently-released CIS Controls v8 Assessment, you can also track your own and your clients’ implementation of all 153 CIS Controls v8 Safeguards.

CYRISMA’s Existing Compliance Tracker

Automatic tracking of tactical controls Implemented using CYRISMA scans

The existing CYRISMA Compliance Tracker already allows users to track the tactical controls they can implement using the CYRISMA Platform. For example, if you have completed a secure configuration scan using CYRISMA, the compliance tracker will automatically mark the related controls (such as the relevant safeguards under Control 4 of the CIS Critical Controls v8) as done.

The standards and frameworks included in the Tactical Compliance Tracker are the CIS Critical Controls, NIST Cybersecurity Framework, Essential Eight, Cyber Essentials, PCI DSS, HIPAA and SOC2.

The tracker is, in itself, a powerful tool that automates a good part of your tactical control assessment across multiple frameworks. This is different from most other Compliance Assessment tools because you’re not just looking at a checklist and marking items off – you’re actually able to implement essential controls AND map those to relevant compliance standards using the same platform.

Three of CYRISMA’s core features bear mentioning here:

• Vulnerability scans (internal, external, authenticated, unauthenticated, web app, agentless, agent-based) and patch management
• Secure OS configuration scans (Windows, Linux and macOS)
• Sensitive data discovery scans

This powerful trio enables users to meet a large part of their compliance mandates, and with the strategic assessments – you get a holistic feature-set to conduct, correlate and streamline your GRC activities.

View a comprehensive list of features here.

How does the CYRISMA GRC Module add to the Compliance Tracker?

The GRC Module and new compliance assessment features will allow you to track not just the tactical controls you can implement using CYRISMA scans but also the strategic controls that require evidence gathering and coordination with different teams and departments.

The assessments will track ALL controls, requirements or safeguards included in the frameworks covered.

CIS Controls v8 Assessment – Feature Overview

CYRISMA’s CIS Controls v8 Assessment, released on July 22, 2024, has been one of our partners’ most requested features in the compliance category. The assessment will allow users to track the implementation of all 153 Safeguards in the CIS Critical Controls version 8, generate reports, and auto-track controls that can be implemented using CYRISMA’s scans.

Here’s what you can do:

• Compliance Percentage: View overall compliance percentage for high-level tracking
• Assessment Questions: View a complete list of controls, safeguards and associated assessment questions in one place. Mark the completion status of individual subcontrols as ‘Yes’, ‘No’ or ‘Partial’
• Implement and track tactical controls: Automatically track controls (auto-marked as completed when done) that are being implemented using CYRISMA’s vulnerability, configuration or data scans.
• Pick Implementation Group: Filter controls by Implementation Group (IG1, IG2, IG3)
• Customize: Customize the covered frameworks by marking specific controls as ‘Not Applicable’ and providing justification for the n/a status
• Collaborate with other departments: Assign controls or questions to team members or relevant departments for easy coordination and establishing accountability
• Set deadlines: Set end dates or deadlines for completion
• Upload documents: Upload evidence as proof of implementation or as additional information for auditors and management
• View blockers: Easily identify blockers and compliance gaps and what’s required to address non-compliance
• Generate Compliance Report: Generate a detailed assessment report with specifics on which controls are implemented, which ones are not, and recommendations for closing the gap.

Frameworks to be added soon

In the coming several weeks, we will be adding compliance assessment features (covering ALL included controls) for:

• HIPAA (GRC features now live!)
• PCI DSS (GRC features now live!)
• NIST CSF 2.0 (GRC features now live!)
• The Cyber Essentials (UK)
• The Essential Eight (Australia)
• NIST 800-53
• NIST 800-171
• ISO 27001

For all of these frameworks, you will get the same features as those listed in the previous section. Later, we will be enhancing the GRC module further with the ability to cross-walk and map controls to multiple different frameworks.

We will be updating this post as new frameworks are added to CYRISMA’s GRC Module. Check back soon for the latest!