Security Control Environment
COSO Principle 3: Management establishes with board oversight structures reporting lines and appropriate authorities and responsibilities in the pursuit of objectives.
Considers All Structures of the Entity—Management and the board of directors consider the multiple structures used (including operating units legal entities geographic distribution and outsourced service providers) to support the achievement of objectives.Establishes Reporting Lines—Management designs and evaluates lines of reporting for each entity structure to enable execution of authorities and responsibilities and flow of information to manage the activities of the entity.Defines Assigns and Limits Authorities and Responsibilities—Management and the board of directors delegate authority define responsibilities and use appropriate processes and technology to assign responsibility and segregate duties as necessary at the various levels of the organization.Addresses Specific Requirements When Defining Authorities and Responsibilities—Management and the board of directors consider requirements relevant to security availability processing integrity confidentiality and privacy when defining authorities and responsibilities. Considers Interactions With External Parties When Establishing Structures Reporting Lines Authorities and Responsibilities—Management and the board of directors consider the need for the entity to interact with and monitor the activities of external parties when establishing structures reporting lines authorities and responsibilities.
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8