Preparing for external data integration
You can integrate any third-party application with Control Compliance Suite. You can use the ODBC, CSV, or the web services connectors to import the required data into Control Compliance Suite.

Before you import external data, you must do the following:
- Identify the following attributes in the external data:
  - Asset: An asset can be any target object against which an evaluation can be executed. For example, assets, asset groups, folders, or any entity can be classified as assets.
  - Assessment: An assessment is the parameter that you use to assess your subject. For example, CCS standards or checks, policies, mandates, and third-party controls can be classified as assessments.
  - Status: A status is the outcome or the resultant value of an evaluation. Once you identify the asset and the assessment attributes, all the remaining attributes are considered as the status of the assessment. For example, a particular range of DLP incident IDs can be mapped to the 'Pass' status in CCS. Or, a particular value for password length can be mapped to the 'Fail' status in CCS. For CCS to understand the result, the evaluation outcome must be mapped to one of the following:
    - Pass
    - Fail
    - Unknown
    - N/A

  CCS consumes and represents data only in terms of the subject-test-result attributes. Hence, before you import external data into CCS, you must map the external data fields to the subject-test-result attributes in the CCS schema. You can map the external data fields to the CCS schema from the External Data Integration view.
- Correlate the external system data to CCS. By means of correlation, you basically establish an association between the imported data and the existing Control Compliance Suite assets. Without correlation, you cannot leverage the CCS infrastructure to represent the external data in CCS dashboards and reports. You can correlate the external data fields and the CCS asset fields from the External Data Integration view.
- Configure asset risk aggregation. For risk score calculation, you can use CCS to calculate the risk scores based on the CVSS parameters. Or you can use the risk scores that are defined in the imported data. You can specify the risk score parameters from the External Data Integration view.
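The asset, assessment, and status identification described in the first step can be rehearsed on an export before any mapping is configured. The following Python sketch is an added example, not part of the CCS product or its documentation; the CSV column names, host names, the password-length threshold, and the DLP incident ID range are all constructed assumptions.

```python
import csv
import io

CCS_STATUSES = ("Pass", "Fail", "Unknown", "N/A")  # the four outcomes CCS accepts

# Constructed export from a hypothetical third-party tool (not a CCS format).
SAMPLE_CSV = """host,check,value
srv-01,min_password_length,6
srv-02,min_password_length,14
srv-03,min_password_length,
srv-04,dlp_incident_id,1500
srv-05,dlp_incident_id,9100
srv-06,usb_policy,enabled
"""

def password_status(value, minimum=8):
    """Assumed rule: a length below `minimum` is Fail, a missing value is Unknown."""
    if not value.strip().isdigit():
        return "Unknown"
    return "Pass" if int(value) >= minimum else "Fail"

def dlp_status(value, pass_range=range(1000, 2000)):
    """Assumed rule: incident IDs inside `pass_range` are Pass, other IDs are Fail."""
    if not value.strip().isdigit():
        return "Unknown"
    return "Pass" if int(value) in pass_range else "Fail"

# One status rule per assessment; a check with no rule has no defined outcome yet.
RULES = {"min_password_length": password_status, "dlp_incident_id": dlp_status}

def to_subject_test_result(csv_text):
    """Return (records, unmapped): asset/assessment/status rows, plus rows with no rule."""
    records, unmapped = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rule = RULES.get(row["check"])
        if rule is None:
            unmapped.append(row)  # needs a mapping decision before import
            continue
        status = rule(row["value"] or "")
        if status not in CCS_STATUSES:
            raise ValueError(f"rule for {row['check']} produced {status!r}")
        records.append({"asset": row["host"], "assessment": row["check"], "status": status})
    return records, unmapped

if __name__ == "__main__":
    records, unmapped = to_subject_test_result(SAMPLE_CSV)
    for record in records:
        print(record)
    print("unmapped checks:", [row["check"] for row in unmapped])
```

Rows returned in `unmapped` are the ones whose outcome has not yet been tied to Pass, Fail, Unknown, or N/A, so they show which external fields still need a mapping decision.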
The following use-case scenarios illustrate external data integration planning:
| Scenario | Description | What you need to do |
|---|---|---|
| Import external data and view the data in CCS dashboards without correlating to the CCS assets | You can import the external data and view the data by using the CCS dashboards. For the basic dashboard and panel creation using imported data, you do not need to correlate the external data to the CCS assets. | To meet this business goal, you need to do the following: |
| Import external data and view the data in CCS dashboards in correlation with the CCS assets. | You can import the external data and view the data by using the CCS dashboards in correlation with the CCS assets. By means of correlation, you basically establish an association between the reported entities in the imported data and the existing CCS assets. | To meet this business goal, you need to do the following: |
| Import external data and use it for compliance assessment in correlation with the CCS assets. | You can import the external data and use the data for compliance calculation in correlation with the CCS assets. You can use the imported data to correlate with the CCS assets. You can then calculate the compliance score of the assets based on policies, mandates, and regulations. | To meet this business goal, you need to do the following: |
| Import external data and use it for contributing to the CCS asset risk score. | You can import the external data and use the data for risk score calculation in correlation with the CCS assets. You can use the imported data to correlate with the CCS assets. You can then calculate the risk score of the assets based on CVSS attributes or the risk score that is defined in the external data. | To meet this business goal, you need to do the following: |