This page contains information to assist our Enterprise Edition(EE) customers with utilizing the Inheritance feature in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.
What is it?
The Inheritance feature allows you to define control implementations at a high level in a Security Plan or Policy which can then be inherited down efficiently to child security plans for components.
Why would you use it?
There are many reasons to use this feature which include:
- Allows "tiering" of security plans or components for efficiency
- Aligns to current cloud security approaches such as FedRAMP
- Applies efficient separation of duties between systems or components
What are the benefits?
This feature has multiple benefits for an organization, including:
- Reduced manual data entry by inheriting controls
- Re-use and minimization of assessment labor for the inherited control
- Faster Authorization to Operate (ATO) and approval processes by minimizing the amount of unique work to be done for a given system or application
How do I use it?
Instructions for using this feature are provided below (NOTE: This feature is only available for Enterprise Edition (EE) customers):
- Select any Security Plan or Component and navigate to the data entry form for that record
- In the Utilities section on the left side, select the "Inheritance" option
- The first step is to select the type of object you wish to inherit from (Policy or Security Plan)
- Next, you select the specific record
- NOTE 1: If the record has no controls, you will not be able to inherit
- NOTE 2: If the record is a security plan, then the controls must check the "Inheritable" flag in order to be inherited using this feature. The owner of that security plan must authorize inheritance of the control by setting the Inheritable flag.
- NOTE 3: All policy controls/requirements can be inherited, there is no flag to set.
- Next, from the list of available controls on this object, select the ones to inherit. You can select all, select all by family, or individually select controls
- Finally, review the list of controls to inherit, confirm they are accurate, and click Finish
- A confirmation modal will then pop up showing the number of new controls created, or if they already existed, the number that are now flagged as inherited
- Click the Return button to return to the data entry form where you will see the updated controls in the Explorer panel
The flow chart below describes the process for inheriting in RegScale:
Updated 2 months ago