Security Profiles
Security Profiles Module
This page contains information to assist our customers with utilizing the Security Profiles module in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.
What is it?
A security profile is one or more controls across one or more catalogues to build a security baseline (aggregated set of controls). Common synonyms for security profiles might include:
- Templates
- Security Baselines
Why would you use it?
Security profiles are commonly used to develop templates for building/instantiating security plans. Security profiles are the basis of providing our Next->Next->Finish automations for creating security plans. There are many reasons to create security profiles which include:
- Developing templates for creating new security plans
- Aggregating controls across multiple catalogues (i.e. NIST 800-53, PCI, HIPAA, etc.) to create consolidated security plans
- Serving a broad set of security plan needs based on format and control coverage
What are the benefits?
A security profile results in multiple benefits for an organization; to include:
- A "TurboTax" like experience for easily creating security artifacts from templates resulting in rapid time to value
- Minimizing rework when multiple regulations may impact a given system
- Reproducable security plans from template that improve the quality and consistency of compliance artifacts
Steps for Using the Profiles
There are two different options for creating a profile:
- Manual Creation
- Automated Import
Manual creation allows you to individually create a new profile using RegScale catalogs combined with our wizards. The steps for manually creating are below:
- Go to Modules -> Security Profiles and then click the "Create New" button
- Enter the information that is required in the "Basic Info" tab and click "Save"
- A new tab will appear on the form called "Mappings"
- Select the catalog upon which you intend to base the profile (NOTE: You can create profiles across multiple catalogs if desired)
- A list of available controls will display that is grouped by Family
- Select all of the controls you wish to add to the profile (you can select all controls for the catalog or a given family with a single click)
- As you click them, they are automatically saved to the Profile, there is no need to click the save button
- Continue adding/remove controls until the profile is complete
The easier option, if the relevant profile is available/published, is to load it using automation following the steps below:
- Navigate the RegScale Profile Directory to locate the applicable catalog
- Click download to pull down the appropriate JSON file to your local machine
- Go to Modules -> Security Profiles and then click the "Create New" button
- Click the "Import" button and then select the file from the previous step to upload
- Click the "Import Controls" button and then monitor progress for the upload
- NOTE: The profile loader will only work if the profile is based on an uploaded RegScale catalog. If the parent catalog does not exist in your instance, the loader will fail.
In addition to the RegScale supported profiles, you are also able to create, export, and share profiles with other RegScale customers using this methodology.
Updated about 1 year ago