Framework readiness shows the current status of each in-scope framework in your environment. It reflects whether the requirements or controls that make up a framework meet the conditions for being "ready."
Use the readiness status to:
Track progress toward compliance.
Identify gaps in evidence or approvals.
Focus your efforts on what's needed to reach audit readiness.
Readiness is dependent on the other:
A framework is ready when its requirements or controls are ready.
A requirement is ready when all its mapped controls are ready.
A control is ready when all conditions for readiness are met.
View Framework Readiness
You can measure readiness by Controls or Requirements.
Controls (default): Readiness is based on the number of in-scope controls that are ready.
Requirements: Readiness is based on the number of in-scope requirements that are ready.
Use the toggle at the top of the Frameworks page to switch between these two options. When you change the toggle, the following pages are updated to reflect your selection:
The Frameworks page
Individual framework detail pages
The Readiness overview section on the Dashboard page.
Your selection applies only to your account. It does not affect other user's views.
When is a Requirement Ready
A requirement is considered ready when all of its mapped controls are ready.
Scenario | Requirement status |
Requirement is mapped to multiple controls and one of the controls is not ready. | Not ready |
Mapped to zero controls | Not ready |
Mapped to multiple controls that are all ready | Ready |
You can filter requirements by their readiness status on a framework page—'Ready' or 'Not Ready'—to gauge what needs your attention. The filter on the left will always apply to Requirement readiness.
When a Control Is Ready
A control is considered ready when it meets all of the following criteria.
Scenario | Control status |
Control is mapped to multiple evidence and one of the evidence is not ready. | Not ready |
Control is not mapped to any evidence. | Not ready |
Control requires approval, and it hasn’t been approved. | Not ready |
Control is mapped to multiple evidence items, and all are valid and approved (if required). | Ready |
Evidence is considered valid if it meets all of the following conditions:
Tests are in a Passing state.
All mapped Policies have a published version.
Mapped Evidence Library artifacts are within their renewal date.
Mapped Miscellaneous evidence (files or URLs) is within its renewal date.
A control that requires approval is approved.
Evidence is considered invalid if any of the following conditions apply:
Tests are in a Failing state.
Mapped Policy is not published.
Mapped Evidence Library artifact has exceeded its renewal date.
Mapped Miscellaneous evidence (file or URL) has exceeded its renewal date.
A control that requires approval is not approved.
On the Controls page you can filter controls by their readiness status—'Ready' or 'Not Ready'—to gauge which controls need your attention.