Name* |
The name of the policy statement. |
Source |
A non-editable field with the source of the policy. For
example, if the statement is from the UCF import, the source
is UCF. |
Source ID |
The unique identification number used by the source to
catalog this authority document. |
Reference |
A unique numerical identifier |
Policy |
The parent policy containing the policy statement. If you
create a policy statement from within a policy, this field
is automatically filled. |
Parent |
The parent policy statement. |
Active |
A policy is marked active if it is not in the Draft or
Retired state. |
Creates controls automatically |
Check box indicating that controls are automatically
created from the policy statement. Note: Select this option
if the policy statement can also serve as the
control. |
Category |
Select from a list of options:
- Acquisition or sale of facilities, technology,
and services
- Audits and risk management
- Compliance and Governance Manual of Style
- Human Resources management
- Leadership and high level objectives
- Monitoring and measurement
- Operational management
- Physical and environmental protection
- Privacy protection for information and data
- Records management
- System hardening through configuration
management
- Systems continuity
- Systems design, build, and implementation
- Technical security
- Third Party and supply chain oversight
- Root
- Deprecated
|
Classification |
Select from a list of options:
- Preventive
- Corrective
- Detective
|
Type |
Select from a list of options:
- Acquisition/Sale of Assets or Services
- Actionable Reports or Measurements
- Audits and Risk Management
- Behavior
- Business Processes
- Communicate
- Configuration
- Data and Information Management
- Duplicate
- Establish Roles
- Establish/Maintain Documentation
- Human Resources Management
- Investigate
- IT Impact Zone
- Log Management
- Maintenance
- Monitor and Evaluate Occurrences
- Physical and Environmental Protection
- Process or Activity
- Records Management
- Systems Continuity
- Systems Design, Build, and Implementation
- Technical Security
- Testing
- Training
|
Attestation |
Select from a list of options. |
Description |
Description of the policy statement. |