AMA: Map Controls and Frameworks Relationships

circle
circle

AMA is an ongoing series published each Thursday, highlighting questions the community has asked in our support and how-to channels on Slack. If you haven't already done so, please join us on Slack

 

"Is there a way for JupiterOne to map the controls and frameworks relationships?"

--Question from Will on the J1 Community Slack

 

Answer from the JupiterOne Team

Hi Will. Yes, there is. Using the "Edit Control Procedures to Compliance Mapping" query allows you to globally map policies/procedures across multiple frameworks.

Controls and Frameworks Mapping - 01

 

Any query can also be globally mapped across compliance requirements/controls, too.

Controls and Frameworks Mapping - 02

 

We are actively working on the feature to globally map controls, e.g., your company’s internal controls, across frameworks, with the ultimate goal of mapping/tuning queries+evidence to controls just one time + mapping said controls (+corresponding queries/evidence) to multiple compliance and/or regulatory frameworks

Articles in this Series

  1. AMA: JupiterOne and PagerDuty WebHooks
  2. AMA: Export YAML Files for Vendors Pulled from SSO Providers
  3. AMA: Map Controls and Frameworks Relationships
  4. AMA: How to Track Professional Associations, Security Forums, and Threat Intel Sources
  5. AMA: Find AWS Instances by their Private IP Address
  6. AMA: SSO Integrated Authentication, Move to Another Role
  7. AMA: send-mail action to map two properties
  8. AMA: Setup the Policy Accept Button
  9. AMA: Match a blank field in J1QL
  10. AMA: Track and Alert Using Firewall Rules Matrix
  11. AMA: AWS Roles not used for 90 days, and date related queries
  12. AMA: Manage Alerts for Jira through J1 Terraform Provider
  13. AMA: Filter Results from Specific AWS Accounts
  14. AMA: Iterate and return total count of iam users per account
  15. AMA: Search for security groups by tag
  16. AMA: Identify S3 Buckets Open to Cross-Account Attacks

Resources for this AMA

 

 

avatar

Posted By George Tang

I possess extensive senior information security leadership experience from serving hundreds of clients by assessing, designing, and implementing security + enterprise risk management programs. I assess + advise companies (from Fortune 5 to pre-seed startups) on their businesses', products', and environments’ security architectures. Additionally, I own a rare blend of technical subject matter expertise within the cloud technology space across the major hyperscale cloud service providers, i.e., AWS, Azure, GCP, specifically within the infrastructure security domain. Background: information security, cloud security, cyber security, governance/risk/compliance, assessments + advisory, risk management/risk assessment.

To hear more from George, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.

PREVIOUS ARTICLE

cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.