HomeGuidesAPI ReferenceChangelogDiscussions
Log In

Security Controls

Security Control Implementation Module

This page contains information to assist our customers with utilizing the Security Control Implementations module in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.

What is it?

A security control is a safeguard or countermeasure to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. Control implementations are specific policies, tools, and techniques that are used to satisfy the security control requirements. Common synonyms for security controls might include:

  • Requirements
  • Control Implementations
  • Security Checks

Why would you use it?

Security control implementations are used to build Security Plans (which typically consist of many security controls that impact specific asset(s) or system(s)). These security plans are typically built to satisfy compliance requirements such as NIST 800-53, ISO 27001, HIPAA, or PCI DSS. There are many reasons to implement security controls which include:

  • Conducting automated assessments
  • Tracking the date a control was last assessed/tested
  • Updating security plans
  • Verifying compliance with regulations
  • Documenting organization policies and implementations
  • Collecting audit/testing evidence

What are the benefits?

A strong security control implementation program results in multiple benefits for an organization; to include:

  • Reducing costs and improving situational awareness by automating compliance checks
  • Avoid audit findings by continuously monitoring the status of security controls
  • Evergreen security plan documentation and keep everything up to date without manual labor
  • Ensure you controls are fully compliant with applicable laws and regulations
  • Improve accountability and repeatability by documenting security policies and associated implementations
  • Securely store testing evidence using our AES-256 encrypted evidence locker

How do I use it?

The security control implementation module in RegScale Community Edition (CE) provides a number of key features that are useful in managing a robust program, to include:

  • Tracking the date last assessed/tested for each security control
  • Tracking process and practice maturity as defined by the Cyber Maturity Model Certification (CMMC)
  • Defining policy and implementation details for each security control
  • Real-time tracking and dashboards
  • Automation via our Application Programming Interfaces (APIs)
  • Single pane of glass assignment tracking via our work bench
  • Automated workflows for review and approval
  • Interactive timeline builder
  • Social collaboration via our News Feed (LinkedIn for Compliance) and real-time commenting system
  • Secure evidence management with our file upload and encryption system
  • Audit history including every view, update, print, email, etc.

For our Enterprise Edition (EE) customers, you get all the great features above, plus we add:

  • Ability to create custom fields to extend the schema and build out customer specific data entry forms
  • Integration with Microsoft Teams and Slack for real-time collaboration
  • Ability to host a multi-tenant version to segregate data by site, customer, organization, etc. to run many different security control implementations with complete data isolation from a single installation
  • Real-time interactive dashboard with Microsoft PowerBI AddOn