View compliance through your unique lens with Custom Frameworks

Custom Frameworks are available with the Compliance Module. See our plans page for more information about levels of features and access.

Use Custom Compliance Frameworks to personalize your view of regulatory controls and best practices. You can tailor compliance criteria to your industry and internal policies, or make  adjustments to existing frameworks to better suit your needs.

Add a custom framework

You can create your own Custom Framework, a brand new framework without any controls, and then add each control individually.

Step 1: Start creating a custom framework

1. In a Scorecard, go to Compliance in the left navigation panel.
   
   
2. Click + New Framework on the right side
   
   
3. Provide the following information and then click Create:
   • A name for the new framework
   • A URL for source or help materials, such as https://www.cisecurity.org/controls
   • A short description to help others understand its purpose at a glance
   • A longer description with more details

Your new framework page appears with no data.

Step 2: Add controls to your new framework

Tip: See examples of controls that you can add.

1. In the page for your new framework,  click + Add Control.
   
   
2. Provide the following information for the new control and then click Create:
   • A tracking key for this control within the framework, such as  1.1 or A2
   • A name for this control
   • A description with the rationale or details related to the controls
   • A SecurityScorecard data source to be associated with the control. You can use the following types of data:
     • Signals > Count By Type: Find each issue matching the type you specify. Any found issues will indicate a conflict.
       

       Note: This is the most commonly used data type mapped to compliance controls, and will likely be the primarily used option.

     • Signals > Values by Type: A light version of Count by Type. Find the number of issues matching the type you specify.
     • Signals > High Severity Count: Find any and all high-severity issues associated with a Scorecard.
     • Signals > Score Impact by Type: See whether a specified issue is affecting the score.
     • Signals > Total Count: Get a count of all issue findings on the Scorecard.
     • Signals > Negative count: Count of all low-, medium- and high-severity issues.
     • App Signals > Values by type: Check for any discovered cloud account misconfigurations as they relate to specific controls in common, public frameworks.
       

       Note: This option requires a connection to a cloud account.

     • App Signals > Count by type: Check for any discovered misconfigurations for a specified cloud account type.
       

       Note: This option requires a connection to a cloud account.

     • Evidence Locker > Count by Category: Find whether or not a specific compliance document type exists within Evidence Locker.
     • Scorecard > Factor Score: Check if any specific factor is greater than 90 points. A score less than 90 appears as a conflict.
     • Scorecard > Overall Score: Check if the overall Scorecard’s score is over 90. A score less than 90 appears a conflict

After adding controls to your framework, go back to the main Compliance page to see your new framework.

Customize a framework

You also can customize a framework by adding, editing, or removing controls in a copy of that framework.

1. Select to the framework you want to customize.
2. Click Make a copy.
3. Give the copy a new name.
4. Click Make a copy in that dialog.

Add a control

In the copied framework, click + Add Control and set up that control.

Edit a control

Click the three dots at the right of the control and select Edit Control. You can then adjust any of the settings for the control.

Delete a control

Click the three dots at the right of the control and select Delete Control.

Get help

If you need help or have questions, submit a Support request.