The Symantec Controls Studio lets you customize content to fit the needs of your enterprise. The custom control statements and the custom mandates help you create the policies that suit the regulatory environment that your enterprise must inhabit. You use the Controls Studio to map Symantec-created control statements and custom control statements to the custom mandates that you create and to your policies. You also map any of the control statement to checks, questions, SCAP rules, or external data assessments. You can also use the Controls Studio to analyze your policies to help understand the scope of your policy coverage.
The Controls Studio includes a large number of Symantec-created control statements. In addition, the Controls Studio lets you create your own control statements. Any control statements can be mapped to the regulations or frameworks that you create. You can also map control statements to any Control Compliance Suite (CCS) policy in the Draft state. The Controls Studio lets you map control statements to checks, to questions from the Response Assessment module, to SCAP rules, or to external data assessments.
When you use Controls Studio, you can start from the high-level regulations or frameworks that you require. Alternatively, you can begin from the individual control statements, then build from control statements into regulations or frameworks. Normally, you start by carefully analyzing the regulation or framework to determine the control statements that are required. This analysis lets you reuse control statements in multiple sections of the regulation or framework.
After these pieces are in place, you map checks, questions, SCAP rules, and external data assessments to control statements. Next, you map the control statements to the regulations or frameworks that you created. Then you map the control statements to your draft policies and perform policy analysis.
You can do the following using the custom content feature:
Create custom control statements.
Create custom regulatory content.
Map custom control statements and Symantec provided control statements to custom regulatory content.
Map control statements to checks, questions, SCAP rules, and external data assessments.