Handling multiple compliance levels (Basic / Important / Essential) in CyFun 2025 framework #3867
-
|
Hello, I am currently working with the CyFun 2025 framework in CISO Assistant and had a question regarding the implementation of different compliance levels. CyFun 2025 defines multiple levels of compliance (Basic, Important, and Essential). I would like to understand what the recommended or best-practice approach is within CISO Assistant to handle these levels. More specifically: Is it advisable to model each compliance level as a separate framework instance? Any guidance or examples would be greatly appreciated. Thank you in advance! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hello, The recommended pattern is to use the implementation groups designed for that and build on the same audit progressively : 
the advanced analytics will help you tracking the levels separately as well, given that you enable the feature flag: 
You can also clone the audit if you want to track each level separately but this adds an extra complexity with low value. Regards |
Beta Was this translation helpful? Give feedback.
Hello,
The recommended pattern is to use the implementation groups designed for that and build on the same audit progressively :
the advanced analytics will help you tracking the levels separately as well, given that you enable the feature flag:
You can also clone the audit if you want to track each level separately but this adds an extra complexity with low value.
Regards