Hey everyone! I am wondering if anyone would be willing to share a list of internal controls that have been developed to tie back to CIS, PCI, and/or NIST CSF.
I am trying to develop a “stock” set of controls to help folks start out in Eramba. While I understand that controls can and should be tailored to an organization, I also think there is value in giving folks a good starting point. If we can create a common body of broad controls that are import ready to Eramba, that might let people really hit the ground running.
Also, I foresee this being very helpful in also importing compliance packages. If we can develop a list of controls mapped to various compliance packages, we could easily “import” a workable foundation for rapid assessments.
Anyhow, if someone has their controls (audit metrics, etc.) that they could share that would be great. I will also be working on this and post back my control list for others when completed.
Kyle