Compliance Norms allow you to quickly add Control Groups and Task lists to pentests, so you can easily assign tasks and share how pentests comply with industry standards for audits and specific types of pentests.
You can use pre-defined Compliance Norms set up by Cyver, build your own, or edit Cyver's Compliance Norms to have the best of both worlds.
To start, go to Compliance Norms from Settings on the menu.
Add Compliance Norms
Click the + New Compliance Norm button in the mid-top right to create a new Compliance Norm. Manually add Control Groups and Tasks to proceed. New Compliance Norms are created as Drafts by default, meaning they are not visible to Clients and cannot be used in Projects. This allows you to take time to build a Compliance Norm before publishing it.
Upload New Compliance Norms
1. Click the + New Compliance Norm button in the top right of the platform.
2. Add a name, description, and code for your new Compliance Norm
3. Click Save
4. Select the newly created Compliance Norm from the list
5. Click Control Groups
6. Click + New Control Group
Import from Excel
Cyver Core delivers a library of pre-defined Compliance Norms complete with Control Groups and Checklists. You can download these from our GitHub Repository.
1. Download the XLSX file you'd like to import OR make your own
2. From the Compliance Norms Dashboard, click Excel Operations and Import File
3. Select the file. Your Compliance Norm will import as a draft Compliance Norm complete with Control Groups.
4. Edit the Compliance Norm to add your own titles or to customize the content
Control Groups
If you import one of Cyver's pre-defined Compliance Norms, it will upload complete with Control Groups attached. You can also manually add Control Groups to a Pentest Norm.
1. Click the Compliance Norm you'd like to edit
2. Click the Control Groups tab
3. Select + New Control Group
Control Groups include:
- Control Objective Code
- Name
- Description
- URL to source/reference
Click ... on the far right of any existing Control Group to edit or delete this data.
4. Select the Control Group and click + New Control to add controls. You can edit or delete these controls at any time by clicking ... from the Controls dashboard.
Edit or Update Existing Compliance Norms
1. Click on a Compliance Norm from the existing list
2. Click the blue Actions button in the top right corner or select ... to Edit or Delete the Norm
Edit
Click “Edit” to move a Compliance Norm from Draft to Published or to unpublish back to draft. You can also update external links to audit norm sources or reference information.
- Click Group Objectives to manually add new Group Objectives
- Click Tasks to manually add new Tasks
Delete
Click Delete to remove the Compliance Norm from your list. You will see one confirmation popup. Important: At this time, there is no recycle bin or archive. Once deleted, Compliance Norms are gone for good.