Relate a policy statement to a citation

A single policy statement can be mapped to many citations from different authority documents. This function allows you to test a policy statement once while complying with many different citations.

Before you begin

Role required: sn_compliance_admin or sn_compliance_manager

Procedure

  1. Navigate to Policy and Compliance > Compliance > Citations.
  2. Open a citation.
  3. In the Policy statements related list, click New.
  4. Fill in the fields on the form, as appropriate.
    Table 1. Policy Statement
    Field Description
    Name The name of the policy statement.
    Source A non-editable field with the source of the policy. For example, if the statement is from the UCF import, the source is UCF.
    Reference A unique numerical identifier.
    Policy The parent policy statement supported by this policy statement.
    Parent References the parent content.
    Active If the policy statement is not in the Draft or Retired states, a policy is marked active.
    Source ID The unique identification number used by the source to catalog this authority document.
    Category

    Select from a list of options:

    • Acquisition or sale of facilities, technology, and services
    • Audits and risk management
    • Compliance and Governance Manual of Style
    • Human Resources management
    • Leadership and high level objectives
    • Monitoring and measurement
    • Operational management
    • Physical and environmental protection
    • Privacy protection for information and data
    • Records management
    • System hardening through configuration management
    • Systems continuity
    • Systems design, build, and implementation
    • Technical security
    • Third Party and supply chain oversight
    • Root
    • Deprecated
    Classification

    Select from a list of options:

    • Preventive
    • Corrective
    • Detective
    • IT Impact Zone
    Type

    Select from a list of options:

    • Acquisition/Sale of Assets or Services
    • Actionable Reports or Measurements
    • Audits and Risk Management
    • Behavior
    • Business Processes
    • Communicate
    • Configuration
    • Data and Information Management
    • Duplicate
    • Establish Roles
    • Establish/Maintain Documentation
    • Human Resources Management
    • Investigate
    • IT Impact Zone
    • Log Management
    • Maintenance
    • Monitor and Evaluate Occurrences
    • Physical and Environmental Protection
    • Process or Activity
    • Records Management
    • Systems Continuity
    • Systems Design, Build, and Implementation
    • Technical Security
    • Testing
    • Training
    Description Describe the policy statement and how it supports the goals of the organization.
  5. Click Submit.