Eleos | Home

Governance Risk and Compliance (GRC)

Organizational Policy Reviews

Level N/A

Review all relevant organizational policies and associated procedures at least annually or when a substantial change occurs within the organization.

Parent

Compliance Framework

CCM v4.0.10

Control Number

GRC-03

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

CIS v8.0

Control Number

3.1

3.8

4.1

4.2

7.1

8.1

9.1

11.1

12.4

16.1

16.2

PL-1

PM-1

PM-14

PM-17

GOV-03

4.1

17.4

Solutions
Community

Governance Risk and Compliance (GRC)

Policy Exception Process

Level N/A

Establish and follow an approved exception process as mandated by the governance program whenever a deviation from an established policy occurs.

Parent

Compliance Framework

CCM v4.0.10

Control Number

GRC-04

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.1

CM-6

ID.GV-4

CPL-01.1

Solutions
Community

Governance Risk and Compliance (GRC)

Information Security Program

Level N/A

Develop and implement an Information Security Program, which includes programs for all the relevant domains of the CCM.

Parent

Compliance Framework

CCM v4.0.10

Control Number

GRC-05

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

14.1

PM-1

PM-3

PM-14

PL-2

PM-18

PM-31

GOV-01

Solutions
Community

Governance Risk and Compliance (GRC)

Governance Responsibility Model

Level N/A

Define and document roles and responsibilities for planning, implementing, operating, assessing, and improving governance programs.

Parent

Compliance Framework

CCM v4.0.10

Control Number

GRC-06

Related

Compliance Framework

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

5.1

PM-29

ID.GV-2

ID.AM-6

GOV-04

HRS-03

Solutions
Community

Governance Risk and Compliance (GRC)

Information System Regulatory Mapping

Level N/A

Identify and document all relevant standards, regulations, legal/contractual, and statutory requirements, which are applicable to your organization.

Parent

Compliance Framework

CCM v4.0.10

Control Number

GRC-07

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

PL-1

ID.GV-3

GOV-01

CPL-01

Solutions
Community

Governance Risk and Compliance (GRC)

Special Interest Groups

Level N/A

Establish and maintain contact with cloud-related special interest groups and other relevant entities in line with business context.

Parent

Compliance Framework

CCM v4.0.10

Control Number

GRC-08

Related

Compliance Framework

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

PM-15

GOV-07

Solutions
Community

Human Resources (HRS)

Background Screening Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for background verification of all new employees (including but not limited to remote employees, contractors, and third parties) according to local laws, regulations, ethics, and contractual constraints and proportional to the data classification to be accessed, the business requirements, and acceptable risk. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

HRS-01

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

IA-12

IA-12(2)

IA-12(3)

MA-5

MA-5(2)

MA-5(3)

MA-5(4)

PS-1

PS-2

PS-3

PS-3(1)

PS-3(2)

PS-3(4)

ID.GV-1

PR.IP-11

GOV-02

GOV-03

HRS-01

HRS-04

Solutions
Community

Human Resources (HRS)

Acceptable Use of Technology Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for defining allowances and conditions for the acceptable use of organizationally-owned or managed assets. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

HRS-02

Related

Compliance Framework

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

PL-4

PL-4(1)

PS-1

PS-6

PS-6(2)

ID.GV-1

PR.PT-2

ID.AM-6

PR.IP-5

GOV-02

GOV-03

HRS-01

HRS-05

HRS-05.1

HRS-05.2

HRS-05.3

HRS-05.4

HRS-05.5

Solutions
Community

Human Resources (HRS)

Clean Desk Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures that require unattended workspaces to not have openly visible confidential data. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

HRS-03

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

14.4

AC-11

AC-11(1)

MP-4

PS-1

ID.GV-1

PR.DS-5

GOV-02

GOV-03

DCH-01

DCH-01.1

DCH-03

HRS-01

HRS-05

PES-04.1

Solutions
Community

Human Resources (HRS)

Remote and Home Working Policy and Procedures

Level N/A

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect information accessed, processed or stored at remote sites and locations. Review and update the policies and procedures at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

HRS-04

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5