Control Compliance Suite control statement mappings missing for some mandates in Control Studio
Last Updated June 09, 2014
In Control Studio some select control statement mappings for mandates\frameworks are missing. In particular control statements for certain subsections of PCI 2 and PCI 3 mandates are missing. For reports or dashboards displaying mandate compliancy, some compliancy sections may not receive data due to the lack of these statements.
No error given.
Certain Control Statements were deprecated inadvertently with SCU 2013-3.
If your business reports on mandate and framework compliancy (e.g. PCI, HIPPA, SOX), Symantec has made a special fix available for this issue which can be applied on top of SCU 2014-1. Please update your Control Compliance Suite deployment to SCU 2014-1 first, allow at least one day for system jobs to run overnight, then backup your CSM_DB and CSM_Reports databases. Once the backups are done, read the documentation and then apply the Fix which has been attached to this KB.
Summary of install:
Ensure no scheduled jobs are running during the application of the fix. A backup of your SQL CSM_DB and CSM_Reports databases will need to be made prior to applying the fix in order to recover if needed. The fix consists of an executable run from the application server machine. This fix installs the missing control statements into the appropriate SQL database tables. The application server service account ID and password will be needed to run this executable. After running the fix, a report synchronization job should be launched.
This fix will also be made generally available in SCU 2014-2 targeted for later this year.
Control Compliance Suite 11 with SCU 2013-3 is where this issue first was identified.