This page contains information to assist our customers with utilizing the Transformer feature in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.

What is it?

System Security Plans (SSPs) are typically written leveraging controls from standards such as NIST 800-53, ISO 27001, COBIT 5, etc. Organizations such as the Cloud Security Alliance and Compliance Forge have published control mapping frameworks such as the CSA's Cloud Controls Matrix (CCM) and the Secure Controls Framework (SCF). These frameworks consist of mappings of controls to other controls and, in some cases, the creation of a standard control mapped to many other controls. Within RegScale, we give you the ability to create mappings of controls in one catalogue to controls in another catalogue, for example:

  • One control mapped to another control
  • One control mapped to many controls

Once these mappings are created, our Transformer feature allows RegScale Enterprise Edition (EE) customers to assess against one standard and its associated controls, and use the same assessment information to print out SSPs for another standard and its corresponding mapped controls. Assess once, use many. That's the power of RegScale Transformer... more than meets the eye.

Why would you use it?

Instead of creating separate Security Plans for each standard catalogue, you can now create a single Security Plan against a catalogue with a set of mapped controls, allowing you to:

  • Assess a control and use the same assessment information to satisfy a mapped control
  • Print out SSPs against a mapped standard and associated mapped controls (e.g., create a NIST 800-53 SSP and print out a corresponding ISO 27001 SSP)

What are the benefits?

RegScale Enterprise Edition's (EE) Transformer feature provides a number of key capabilities that are useful in managing a robust compliance program, including:

  • Reuse assessment information to satisfy multiple compliance requirements
  • Potential cost savings and avoidance
  • Meet multiple compliance requirements leveraging a single set of assessment information
  • Visualize a dynamic "spreadsheet" of all controls mapped against their related controls
  • Print out SSPs for multiple standards by selecting the associated mapped standard

How do I use it?

The Transformer feature in RegScale Enterprise Edition (EE) requires users to conduct a one-time mapping exercise. NOTE: You'll need a Maintainer role or above to be able to access this capability. Follow these steps to map a control:

Create a master catalogue

This will allow you to create a source catalogue, which can then be used to map to controls in other catalogues.

  • Click on your name in the upper right-hand corner and select Catalogues
  • Select the source catalogue you'd like to map
  • Click Mappings
  • Select Mapping Conversion -> Convert

Map Controls from a Master Catalogue of Controls to Destination Controls

This will allow you to create a mapping from a master catalogue of controls to destination controls.

  • Click on your name in the upper right-hand corner and select Catalogues
  • Select the source catalogue you'd like to map
  • Click Mappings
  • Select Mapping Conversion -> Start Mapping
  • STEP 1: Select the Destination Mapping (e.g., which control would you like to map from)
  • STEP 2: Select the Source Catalogue (e.g., which catalogue would you like to map to)
  • STEP 3: Drag and Drop Controls to the Mapping (e.g. identify which controls in the source catalogue are equivalent to the destination control)
  • Click Visualize to see a dynamic "spreadsheet" of controls from the source as mapped to the destination catalogues