Add a model for a Control, which ou can use to document control statements, owners, governing policies, etc.

2025-12-06 14:24:12 +00:00 · 2020-09-17 10:38:11 -05:00
parent a66764470c
commit e289d6d8f4
13 changed files with 238 additions and 0 deletions
--- a/themes/comply-soc2/controls/README.md
+++ b/themes/comply-soc2/controls/README.md
@@ -0,0 +1,33 @@
+# Controls
+
+Controls explicitly state a specific action that the organization will take to enforce a Policy goal.
+
+## Format
+```
+name: Access Control Procedures
+family: Access Control
+identifier: AC-2
+governingPolicy:
+  - policyName: Access Onboarding and Termination
+    policyID: SDM-AOTP
+    policyClause: 1.1
+owner: Director, Security & Compliance
+published: 2020-01-01
+targets:
+  TSC 2017:
+    - CC6.1
+    - CC6.2
+    - CC6.3
+  NIST 800-53:
+    - AC-1
+revisions:
+  - date: Sep 1 2020
+    comment: Initial documentation of control
+---
+1. Develop, document, and disseminate to all employees:
+
+    1. Organizational access control policy that:
+
+        1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
+
+```