Frameworks and Controls

The new Frameworks and Controls pages let you view your security stance through the lens of controls and map those controls against our existing tests and framework requirements. You can also export structured CSVs and Evidence folders to track progress or to work with your Customer Success Manager to get ready for audit.

With the Frameworks and Controls pages you can:

  • Map Framework Requirements to Controls
  • Map Controls to Tests
  • Mark a Control or Framework Requirement as N/A 
  • Map a Test to an existing Control
  • Create Custom Tests in the Control Details View
  • Export Evidence

You can find the Frameworks and Controls pages in the left side navbar of the Monitoring view.

Frameworks page

The Frameworks page replaces the deprecated Reports page, and offers a report-styled view that allows you to drill into framework requirements and understand how they are powered by controls and tests.

You can see which controls live under which framework requirements and work to remediate controls showing the status “Unhealthy”.

Controls page

The Controls page offers a “horizontal” view of your compliance program across all of your frameworks. Here you can view which framework requirements are mapped to each of your controls, regardless of what frameworks they’re in.

With either of these pages, you can drill into the details of a framework requirement or control to see how it relates to other objects in the application.


Frequently Asked Questions (FAQ)

Why is my test marked Not Applicable or N/A by Secureframe?

  • One scenario is that the Test in question has no mapped Controls, which we call an Unmapped Control State. A new "Unmapped" state more clearly shows which controls are actively being used in your implemented control set. Controls that are not mapped to at least one active framework requirement will now show as "Unmapped" in the Inactive tab of this page.

Where did the Reports page go?

  • The Reports page has been deprecated and replaced by the Frameworks Page, which has a new and improved UX, improved exportability, and uses our new proprietary control layer.

Why can’t I remove a mapping?

  • Mappings for Secureframe-authored controls and tests cannot be deleted. If a test or control is N/A for your business, you are still able to disable it.
  • To edit a control or test, you can also add mappings to other framework requirements or controls. If you would like to replace the control, you should create a custom control to do so.

How do tests, controls, and framework requirements relate to each other?

  • Tests map to framework requirements through controls. All tests in a control that is mapped to a particular framework requirement will also be mapped to that framework requirement.
  • Framework requirements are specific to a framework, whereas controls can be framework specific or used as common controls across framework requirements.

Are there common controls used in the mappings?

  • Yes, Secureframe uses common controls where applicable.

Can I map my tests directly to a framework requirement without using a control?

  • No, tests can only be mapped to framework requirements through a control.

Why do I have an Internal Framework in my dashboard?

  • Some customers may have an "Internal" framework, which is temporary.
  • In the past, Tests and Controls could be floating and not connected to a framework, and this created issues with the status of the test. To remedy this, we are making a more seamless connection between Controls, Tests, Frameworks and status, but in order to do this we need to connect those floating tests/controls to an "Internal" framework for the time being.

If Secureframe doesn't currently offer a framework we need, can we request one?

  • Yes, absolutely! Secureframe is consistently expanding our compliance frameworks. See our complete list of frameworks here.
  • Alternatively, if you need a framework right away, consider using our Custom Framework Feature!
