Control Compliance Suite lets you connect to the Response Assessment module and assign the CCS assets to questionnaires to collect the evidence data.
Table: Collect data from RAM lists all the tasks that you must do to successfully view the evidence data from the questionnaires.
Table: Collect data from RAM
Task |
Description |
||
---|---|---|---|
Assign roles |
Assign the Asset Viewer role to users answering the questionnaire about CCS assets. The role determines what you can see and perform in the CCS Console. |
||
Configure the RAM database |
Configure the SQL Server settings to connect to the RAM database. |
||
Create asset groups |
Create the asset groups to use in the questionnaires. Individual assets can be used but they must be part of an asset group for the Policy module to use. An asset group consists of assets of one or more types. The grouping is represented in a hierarchical fashion with nested subsets. You can create dynamic and static asset groups to organize the assets into logical groups. |
||
Enable the CCS connection |
Enable the connection to the CCS application server to collect the evidence data. |
||
Create a questionnaire |
Create a questionnaire or choose a questionnaire from the predefined content folders. Refer to the Response Assessment module User Guide for steps on how to create a questionnaire. |
||
Add an asset group variable |
Create a user-defined property and assign it to a CCS asset. |
||
Invite questionnaire users |
Invite users to the new questionnaire and select the CCS asset to link to the questionnaire. |
||
Create a policy |
After the evidence data is in the database, create a policy for the questionnaire from the CCS console. Create a policy and link it to the same asset group that is linked to the questionnaire. The policy reports do not work if not linked to the same asset group. |
||
Map control statements |
After the policy is created, map the control statements to the policy. The control statements are mapped to the frameworks and regulations that your enterprise must adhere to. The policy reports do not work if the policy and questions in the questionnaire are not linked to the same control statements. |
||
Publish the policy |
After the policy is mapped to the control statements, publish the policy for user acceptance. See Publishing a policy. |
||
Synchronize the reporting database |
After the policy is published, synchronize the reporting database to run reports.
See Running a job now. |
||
Run reports |
After data is synchronized, run the following reports to view the RAM data:
See Scheduling a report . See Viewing a report. |