Looking to find a reference that maps the various control standards (i.e. HIPAA, PCI-DSS, GLBA, ISO) to each other.

I envision the answer being a spreadsheet that outlines the controls for one standard (say ISO-27002) as row items and the other standards (PCI, HIPAA, GLBA) as columns with the relevant control number:

ISO | Desc                | PCI   | HIPAA | GLBA
----|---------------------|-------|-------|-----
A.1 | Data Classification | 3.2.1 | I.8   | 2.7
A.2 | Asset Management    | 3.6.1 | 283.1 | 7.9

etc...

Here are a few examples of what I'm looking for, but something more comprehensive that includes all of the standards:

    Sounds like a fine piece of work - I look forward to seeing *your* output! ;-) – Julian Knight Sep 29 '16 at 15:28
  • What you're looking for is often called a matrix - [here's an example](https://library.educause.edu/resources/2010/3/compliance-matrix-poster-for-it-compliance-professionals). – gowenfawr Sep 29 '16 at 16:37
  • @gowenfawr other than being a little out of date this is exactly the type of thing (*matrix*) I'm looking for. Any idea where to get an updated version? – HashHazard Sep 29 '16 at 16:50

1 Answer

-2

Are you familiar with the UCF Common Controls Hub at https://commoncontrolshub.com/? It allows you to create an "Authority Documents List" using your example standards and download a spreadsheet that lets you compare them and identify gaps and overlaps. Very cool.

  • Bill is right. The folks at BluePrint Systems worked with us to integrate this into their software in under 3 months. Everything you need to develop using the API is absolutely free, and you get a free research account in the Common Controls Hub as well. The developer URL is https://developer.unifiedcompliance.com/; you can try everything online. If you have any questions, sign up in the Slack channel (also no cost) and you can ask them there. – Dorian Cougias Nov 28 '16 at 17:57