Evaluate Controls for a CISSP Vendor Review
Introduction
A CISSP Review primarily consists of Control Categories with Sub-Controls that can be marked as ‘Not in Place / In Place’ and ‘Not Audited / Audited’.
Not In Place / In Place - A Control Category or Sub-Control may be marked as ‘In Place’ if there is some evidence that the controls are being implemented
Not Audited / Audited - A Control Category or Sub-Control may be marked as ‘Audited’ if there is concrete evidence that the controls are being implemented, usually found in an audit document.
Step-by-Step Guide
Within a CISSP Vendor Review, open the ‘Evaluate Controls’ Menu
Select each Control Category to open the Sub-controls
Based on documentation, toggle the In Place and Audited switches for each Sub-control
If all Sub-controls are In Place or fully Audited, use the drop down menus to toggle all Sub-controls in the category
Video Tutorial
Related Articles
- Create a CISSP Review Vendor
- Sharing a CISSP Review with an Organization
- Create an Organization
- Create a CISSP Review Vendor Sub-Control
- Create a CISSP Review Vendor Solution
- Evaluate Controls for a CISSP Vendor Review
- Create a CISSP Review Vendor Control Category Template
- Generate a Summary for a CISSP Vendor Review
- Push a CISSP Review to Quantivate
- Select an Organization
- Set a CISSP Vendor Review Rating
- Perform a CISSP Review
Last Updated: July 30, 2021 |
Author(s): Cole Rowell |