Full disclosure, I was contacted by UCF’s marketing folks and given a demo of the Common Controls Hub, but I did not receive any compensation for this post. These are my thoughts.
You get the call from the boss you have been dreading for weeks. “Jimmy, it’s time to add FISMA to our control set, and we need to be compliant in three weeks. GO!”
Great, another compliance initiative to work into the alphabet soup of controls-pain that haunts security professionals. More standards means more work to make sure that the standard control set you use in your organization will cover any new requirements you face. Compliance and Security frameworks often overlap, and usually just have a small number of requirements that are unique to the industry or data type protected.
I recently had a great conversation with Dorian Cougias from UCF and he turned me on to one of his projects, the Common Controls Hub. I’ve been aware of the great work that Dorian and his team have been doing over the last decade, but the Common Controls Hub was a new one for me. I’ve been heads down on security outside of compliance (or fielding PCI DSS questions, representing just one initiative), so when I got to see this thing in action, I was pleasantly surprised. It’s what I think many of us have been waiting for.
The Common Controls Hub has a library of over 700 different standards from around the globe, and it’s as easy as searching and clicking to add a mess of compliance or controls requirements to your master list. Let’s say that as an organization I need to be able to map the four following standards together: PCI DSS, SP800-53 (FISMA), ISO 27001:2013, and CobiT. Just thinking about that mash-up is giving me a little bit of heartburn. But by selecting those four in the CCH, I’m able to quickly see what my new mandated set of controls would be to cover all of those initiatives.
You can play with all of this on the website itself for free. When you want to build your control set, you have to upgrade your account. See their page for pricing, and don’t get sticker shock. Think about the size of the SOW from a consulting firm if they were to build this for you, or think about the amount of hours you will save yourself by outsourcing.
Overall, I think this is a great tool to have handy. Go check out the Common Controls Hub today and sign up for a free account. Maybe it’s exactly the tool you have been missing!