| Criterion | Description |
| --- | --- |
| Purpose (Use Case) | A comprehensive, risk-based specification of controls suitable for most organizations, paired with a rigorous evaluation approach suited to high-assurance requirements |
| Targeted Coverage | NIST SP 800-53, HIPAA, FedRAMP, NIST Cybersecurity Framework, AICPA TSC, PCI DSS, GDPR, and a full range of others |
| Number of Control Requirement Statements | 2,000+, depending on tailoring (on average, about 360 are in scope for a given assessment) |
| Flexibility of Control Selection | Custom tailoring |
| Evaluation Approach | PRISMA 3x5 or 5x5: control maturity is assessed against either three or five maturity levels (Policy, Procedure, Implemented, Measured, Managed) |
| Level of Effort / Level of Assurance Conveyed | High |
| Certifiable Assessment | Yes; certification is renewed every two years |