Control and Requirement Mappings

This section provides orientation on how to create mappings between controls from knowledge bases and requirements from authoritative documents. An authoritative document consists of requirements, which represent rules and standards subject to verification, while a control describes a good security or risk management practice. Generally speaking, controls are created in response to these requirements, as a way to help ensure that the requirements are being met.

Through these mappings, the analysis results of controls already investigated in projects can be displayed for the requirements associated with them. If certain controls have not been implemented, it’s likely that the requirements they are associated with are likewise not met. You can view the analysis results for controls and their associations with requirements through organizational and risk queries. For details, see Chapter 17: Organization -> Organizational Queries and Chapter 5: Risk -> Risk Queries.

Some mappings are provided by Modulo with the system installation; you can also contact the support team to obtain the spreadsheet containing the mappings and to check for updates. In addition, mappings can be created manually through an import template available in this section. Once imported, these mappings can be viewed in the main list and deleted if necessary. Note that if a new version of a knowledge base or authoritative document is published, the mappings from the earlier version are replicated for the newer one. Likewise, when creating a copy of a knowledge base, there is an option to copy the mappings between its controls and requirements.
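The following is an added example, not code from Modulo or from this documentation, showing the logic that the mappings make possible: control analysis results are propagated to the requirements they are mapped to, and requirements with no mapped control are flagged as a coverage gap. The CSV column layout, the knowledge base and document names, the control and requirement identifiers, and the status values are all constructed for the example; they are not the layout or values of Modulo's import template.

```python
import csv
import io
from collections import defaultdict

# Constructed sample mapping sheet. The column layout is hypothetical and
# chosen for this example only; it is not Modulo's import template.
MAPPINGS_CSV = """knowledge_base,control_id,authoritative_document,requirement_id
KB-1,CTL-ACCESS-01,STD-A,R1
KB-1,CTL-ACCESS-01,STD-A,R2
KB-1,CTL-LOG-03,STD-A,R3
KB-1,CTL-LOG-04,STD-A,R3
KB-1,CTL-CRYPTO-02,STD-A,R4
"""

# Constructed list of every requirement in the authoritative document, so
# that requirements with no mapped control can be detected.
DOCUMENT_REQUIREMENTS = {("STD-A", r) for r in ("R1", "R2", "R3", "R4", "R5")}

# Constructed analysis results for the controls (hypothetical statuses).
# CTL-LOG-04 has no result yet, which the propagation must handle.
CONTROL_STATUS = {
    "CTL-ACCESS-01": "implemented",
    "CTL-LOG-03": "not_implemented",
    "CTL-CRYPTO-02": "implemented",
}


def parse_mappings(text):
    """Return {(document, requirement_id): set(control_id)} from the sheet."""
    req_to_controls = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        req_key = (row["authoritative_document"].strip(), row["requirement_id"].strip())
        req_to_controls[req_key].add(row["control_id"].strip())
    return dict(req_to_controls)


def requirement_status(req_to_controls, control_status, document_requirements):
    """Derive a status for each requirement from its mapped controls.

    Rules used here (an assumption for the example, not Modulo's algorithm):
      - 'not_met'  if any mapped control is not implemented
      - 'met'      if every mapped control is implemented
      - 'unknown'  if some mapped control has not been analysed yet
      - 'unmapped' if the requirement has no control mapped to it at all
    """
    result = {}
    for req in sorted(document_requirements):
        controls = req_to_controls.get(req, set())
        if not controls:
            result[req] = "unmapped"
            continue
        statuses = [control_status.get(c) for c in controls]
        if any(s == "not_implemented" for s in statuses):
            result[req] = "not_met"
        elif all(s == "implemented" for s in statuses):
            result[req] = "met"
        else:
            result[req] = "unknown"
    return result


def coverage_gaps(statuses):
    """Requirements that need attention: not met, unanalysed, or unmapped."""
    return sorted(req for req, s in statuses.items() if s != "met")


if __name__ == "__main__":
    mapping = parse_mappings(MAPPINGS_CSV)
    statuses = requirement_status(mapping, CONTROL_STATUS, DOCUMENT_REQUIREMENTS)
    for req, status in statuses.items():
        print(f"{req[0]} {req[1]}: {status}  (controls: {sorted(mapping.get(req, []))})")
    print("needs attention:", coverage_gaps(statuses))
```

A requirement mapped to several controls is only reported as met when all of them are implemented; a single unimplemented control is enough to flag it, which is the inference the mappings are meant to support. The "unmapped" status is the check worth running after an import, since a requirement with no control behind it will never show an analysis result.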