The Symantec Controls Studio lets you manage Symantec-created content in the Control Compliance Suite (CCS). It also lets you create your own custom content that can be used in the same way that you use Symantec-created content. Content consists of the regulations, frameworks, and control statements that underlie the policies that you create and publish. Custom content lets you fit CCS to your unique regulatory or framework needs. You use the Controls Studio to map mandates and policies to control statements and control statements to checks, questions, SCAP rules, and external data assessments. Mappings link the regulations and frameworks that affect your enterprise, the policies you create to meet those mandates, and the underlying control statements, checks, questions, SCAP rules, and external data assessments.
You use Controls Studio that is launched from the Manage > Content view to map mandates, policies, and control statements, and to create custom content.
You can create the following custom content types:
You can map any Symantec-created control statements that are included with CCS to the regulations or frameworks for policies that you create. You can also map control statements you create to the regulations or frameworks that you create or to the CCS policies. You can also map control statements to checks, to questions from the Response Assessment module, to SCAP rules, or to external data assessments.
After you have created your custom content, you can use this content in CCS.
When you use the Controls Studio, you can start from the high-level regulations or frameworks that you require. Alternatively, you can begin from the individual control statements, then build from control statements into regulations or frameworks. You start by carefully analyzing the regulation or framework to determine the control statements that are required. This analysis lets you reuse control statements in multiple sections of the regulation or framework, or in multiple policies. You can also use Symantec-created control statements in your custom regulations, frameworks, or policies.
After these pieces are in place, you map the regulations or frameworks you created to the control statements. You then map the control statements to the checks, questions, SCAP rules, and external data assessments. Finally, you create the new policies that match the mandates you use and map the control statements to those policies.
You can use Search to fetch results for Symantec created and custom created content across all workspaces in Controls Studio.
The global search fetches results only from the workspaces that you access in the current session of Controls Studio.