Is there a way to add custom tabs and fields to compliance package items?
My motivation for this is to help dealing with NIST 800-53. NIST assigns a “security control baseline” designation to each control. We are only required to comply with portions of 800-53 marked as “Low”. I’d like to enter this information into Eramba so I can filter out compliance package items that are out of scope.
Note: See NIST 800-53B for a table mapping each control to their security control baselines.
It doesn’t look like you can customize compliance package items, but there are two ways to handle this in my mind -
Customize your compliance package to be a “800-53 low baseline” package that only contains the relevant package items that you need to comply with. Of course, you have a downside here of not being able to track compliance with the higher level requirements should that be of interest (though, you can load a secondary compliance package with all of NIST 800-53 in that case).
If you still want to use the entire 800-53 baseline and then mark them as not applicable, then set the “Compliance Strategy” to “Not Applicable” for the Compliance Analysis for the particular item. Then you can use a filter to remove all the Not Applicable items from your views…
Thank you. I had not thought of your 1st suggestion, and will consider it. Your second suggestion is also good, and perhaps the better choice.