HomeGuidesAPI ReferenceChangelogDiscussions
Log In


Catalog Module

This page contains information to assist our customers with utilizing the Catalog module in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.

What is it?

A catalog is a law, regulation, or other governing document that represents a collection of controls. Catalogs are typically used to govern security and privacy programs (NOTE: they may also be used for other programs such as environment, safety, physical security, etc.) and examples include NIST 800-53, HIPAA, PCI, and GDPR.

Why would you use it?

Catalogs are used by the builders to generate Security Plans, Components, Projects, Policies, and Supply Chain contracts (which typically consist of many security controls that impact specific asset(s) or system(s)). There are many reasons to implement catalogs which include:

  • Flowing down requirements/controls from laws, regulations, or other governing documents
  • Consistently generating artifacts for System Security Plans, Components, etc.

What are the benefits?

A catalog results in multiple benefits for an organization; to include:

  • Improving quality by using a single source of truth for requirements/controls
  • Reducing manual labor to handle changes to regulations
  • Reducing the time needed to create artifacts by powering the RegScale builder systems

How do I use it?

The catalog module in RegScale Community Edition (CE) provides a number of key features that are useful in managing a robust program, to include:

  • Tracking changes to the catalog over time and flowing down changes to related artifacts
  • Real-time tracking and dashboards
  • Automation via our Application Programming Interfaces (APIs)
  • Single pane of glass assignment tracking via our work bench
  • Automated workflows for review and approval
  • Social collaboration via our News Feed (LinkedIn for Compliance) and real-time commenting system
  • Audit history including every view, update, print, email, etc.