How mapping security controls can ease the compliance burden | TechTarget
CISOs and their teams are expected to demonstrate compliance with a range of regulations, frameworks and standards. With an alphabet soup of frameworks -- NIST, ISO, PCI DSS, HIPAA, GDPR and many other country- or sector-specific mandates -- there is a growing risk of duplicating effort, control gaps and audit fatigue.
CISOs can simplify governance by mapping security controls to the various domestic and international standards and regulations addressing cybersecurity through a unified control architecture.
Why control mapping matters
Enterprises that are required to demonstrate regulatory compliance must prove how they comply. In addition to a variety of audit tests, a map of the controls being used and the corresponding standards is an important piece of audit evidence.
Without a control map, CISOs and their teams can face redundant efforts when connecting controls to specific requirements, a lack of consistent application of controls within the enterprise and additional work gathering...
Copyright of this story solely belongs to techtarget.com. To see the full text click HERE