HERE'S WHY
We’re continually evaluating how to optimize automation for controls and frameworks. On 4/13/2023, we delivered updates to policy-to-control mappings related to requirements for the following frameworks:
NIST 800-53
NIST CSF
ISO 27001:2022
NEW POLICY MAPPINGS
We audited the policies that were mapped to the controls in Drata’s control library and found opportunities for improvement. We’ve mapped the following policies to the following controls:
POLICY NAME | CONTROL ID |
--- | --- |
Asset Management Policy | DCF-606, DCF-621, DCF-622 |
Business Continuity Policy | DCF-602, DCF-603 |
Change Management Policy | DCF-187, DCF-567, DCF-598, DCF-601 |
Code of Conduct | DCF-627 |
Data Classification Policy | DCF-186 |
Data Protection Policy | DCF-186, DCF-590, DCF-592, DCF-594, DCF-595, DCF-596, DCF-597, DCF-647 |
Disaster Recovery Policy | DCF-602, DCF-603 |
Encryption Policy | DCF-609, DCF-645 |
ISMS Plan (2022) | DCF-566, DCF-567, DCF-568 |
Password Policy | DCF-605, DCF-608 |
Physical Security Policy | DCF-625, DCF-655 |
Risk Assessment Policy | DCF-185, DCF-626 |
SDLC Policy | DCF-646 |
System Access Control Policy | DCF-557, DCF-579, DCF-580, DCF-582, DCF-584, DCF-585, DCF-586, DCF-648 |
System Security Planning Policy | DCF-581 |
Vendor Management Policy | DCF-632 |
WHAT SHOULD I EXPECT?
You may see a dip in your control readiness if your compliance program includes the NIST 800-53, NIST CSF or ISO 27001:2022 frameworks.
WHAT DO I NEED TO DO?
Review new policy mappings to see if they are applicable to your organization
If the new policy mappings do not suit your organization, feel free to un-map the policies from controls