© 2025 CSFaaS. All rights reserved.

10. Manage your Controls
Last updated: 5 months ago

1. Controls Features

The CSFaaS Controls solution allows you to customise policies to meet the specific needs of your business.

This ensures that your security and compliance initiatives are both effective and fully aligned with your organisational objectives.

Key Features

Edit Controls

Update the displayed control codes, names, and descriptions to accurately reflect their purpose.

Add New Controls

Create additional controls to expand and enhance your policies as needed.

Delete Controls

Remove outdated or unnecessary controls to keep your policies current and relevant.

Reorder Controls

Use drag-and-drop functionality to reorganise controls, improving the logical flow and structure.

Reassign Controls to Another Category

Move controls to a different category if necessary to maintain alignment and organisation.

Set Control Progression

Track the current and target progression levels for each control to ensure progress is aligned with strategic goals.

Assign Owners

Owners can be assigned to each framework to ensure accountability and clarity.

Set Control Maturity

Define the current and target maturity levels for each control to monitor progress and establish improvement goals.

Define Control Weighting

Assign a weighting to controls to prioritise their impact or importance.

Define the Periodicity Review for Each Control

Specify the frequency of control reviews to maintain their effectiveness over time.

Define Organisational Information

Assign details such as functional domains, business units, and control ownership to ensure accountability.

Define Control Attributes

Specify attributes such as information security property, control function, privacy control function, security domains, control type, and operational capabilities.

Add and Manage Evidence

Attach supporting documentation (such as audit reports, procedures, or policies) to substantiate controls and ensure compliance.

Link Control Items to Frameworks

Establish traceability by linking controls to framework categories or subcategories, enabling tracking of control completion at the framework level.

Collaborate and Document

Facilitate collaboration by adding comments, documenting changes, and maintaining a history of modifications for transparency and accountability.
