TrustedAgent Content

TrustedAgent content framework offers organizations with the maximum possibilities to support regulations, policies, standards, or controls in one central location, to communicate, and ensure implementation of the controls to lower units including divisions, business or functional units, subsidiaries, or vendors within and external to the organizations.

TrustedAgent content framework, pictured below, contains information supporting a full lifecycle of any risk and compliance management process. TrustedAgent content framework comprises of two major components: TrustedAgent Control Content and TrustedAgent Authorization Content.

The control content, shown above, manages data associated with the controls to the TrustedAgent Platform, and delivers these content along with user information and the authorization content, as shown below, as templates for reporting.

Highlighted Features supporting TrustedAgent Content

• Control Content :: Derive requirements from governing regulations, industry standards and guidelines, and organizational-specific policies and practices. Enable organizations to methodically evaluate and document the compliance of IT and non-IT assets. Control content may include industry, organizational, or lower unit guidelines, implementation best practices, and response methods to accelerate control implementation.
• Organizational Content :: Provide the ability for organizations to further define lower units-specific policies, controls, and reporting templates to support unique functional or geographical (country-based) requirements. Content may include additional controls, control test cases, organization guidance, additional requirements, roles, etc.
• Authorization Content :: Generate industry and regulatory-relevant reports and documents, including but not limited to, risk assessment, contingency plan, system security plan, control assessment report, executive assessment summary, attestations, etc. Content can be generated from templates customizable by the organizations.
• Built-in Content Authoring :: Edit existing control and authorization content. Create new content to support any number of unique reporting needs.
• Content Libraries :: Access to open source and commercial content libraries.
  • CNSSI
    • Control :: CNSSI 1253
    • Authorization :: Security Plan, Control Assessment Plan, Risk Assessment, IT Contingency Plan, Assessment Report, Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), System of Records Notice (SORN)
  • Cybersecurity Framework (NIST)
    • Control :: Cybersecurity Controls
    • Authorization :: Security Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • DIACAP
    • Control :: DoD 8500.2
    • Authorization :: System Information Profile (SIP), Implementation Plan (DIP), Scorecard
  • FedRAMP
    • Control :: FedRAMP 800-53 Rev 4
    • Authorization :: System Security Plan, IT Contingency Plan, Security Assessment Report, Security Control Assessment Plan, Annual Assessment, E-Authentication, Control Implementation Summary, Self-Attestation Letter, Control Tailor Workbook, FIPS 199 Categorization, Risk Assessment, Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), System of Records Notice (SORN)
  • FISMA
    • Control :: NIST 800-53 Rev 3, NIST 800-53 Rev 4
    • Authorization :: Security Plan, Control Assessment Plan, Risk Assessment, IT Contingency Plan, Security Assessment Report, Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), System of Records Notice (SORN)
  • GLBA
    • Control :: FFIEC
    • Authorization :: Security Plan, Control Assessment Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • HIPAA-HITECH
    • Control :: HIPAA Security and Privacy
    • Authorization :: Security Plan, Control Assessment Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • ISO (commercial content licensing required)
    • Control :: ISO 27001 and ISO 27002
    • Authorization :: Security Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • MARS-E
    • Control :: MARS-E Controls
    • Authorization :: Security Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • Meaningful Use
    • Control :: Menaingful Use - Stage 2 and 3
    • Authorization :: Security Plan, Control Assessment Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • NEI
    • Control :: NEI 08-09
    • Authorization :: Security Plan, Control Assessment Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • NERC
    • Control :: CIP Rev 3, CIP Rev 4, CIP Rev 5
    • Authorization :: Reliability Standard Audit Worksheets (RSAWs), Security Plan, Control Assessment Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • PCI DSS
    • Control :: PCI DSS version 3.0
    • Authorization :: Self-Assessment Questionnaires (SAQ), Attestation of Compliance (AOC)
  • PCI DSS
    • Control :: PCI DSS version 3.1
    • Authorization :: Self-Assessment Questionnaires (SAQ), Report of Compliance (ROC), Attestation of Compliance (AOC)
  • Oil and Gas Cybersecurity Capability Maturity Model (C2M2)
    • Control :: ONG C2M2
    • Authorization :: Security Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • SANS
    • Control :: SANS Critical Controls
    • Authorization :: Security Plan, Control Assessment Plan, Risk Assessment, IT Contingency Plan, Assessment Report
  • Other Commercial or Third-party Content:: The content can be added at the request of the organization, provided that proper licensing agreement can be obtained either by Trusted Integration or the organization.
    • AICPA :: Trusted Security and Privacy Principles (SSAE 16/SOC 2)
    • BITS :: Shared Assessments
    • Cloud Security Alliance :: Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ)
    • COBIT :: COBIT 4.1 and COBIT 5
    • ISMF :: Australian's Information Security Management Framework
    • ISO :: ISO 27001 and ISO 27002
    • Others

Back to top