Searching and filtering requirements
Search and filter requirements to view and work with a subset of requirements in Compliance Maps.
Searching requirements
Search your requirements by ID, title, and description.
How it works
When you search for a requirement, all requirements across all of the standards and regulations in the view are searched.
For example, if COBIT 5 Framework and COSO Internal Control Framework 2013 are in view, then all requirements from those two standards are searched. The search always works in combination with applied filters.
If you search for a child requirement, the parent requirement is displayed in a greyed-out state. You can still select the parent requirements in the greyed-out state.
Multiple terms in the search
The search operates using AND logic, enabling precise, accurate, and focused results.
For example, if you enter the search term access control, the search returns all requirements that contain both the words 'access' and 'control'.
Filtering requirements
Use the All standards and regulations dropdown list to select multiple standards or regulations to filter requirements by.
You can also use the following tabs to view a subset of requirements:
- Applicable: Displays all requirements that are applicable and may or may not be covered by controls.
- Not covered (Gaps): Displays all applicable requirements that are not covered.
- Covered: Displays all applicable requirements that are covered.
- Not Applicable: Displays all requirements that have been specified as not applicable to the organization.
How it works
When you select the Applicable, Not covered (Gaps), Covered, or Not Applicable tab, all requirements across all of the regulations and standards in view are filtered. The numbers beside each tab title indicate the number of requirements that fall under each filter category.
Example: Combined filters
On the Compliance Maps page, you select COBIT 5 Framework from the All standards and regulations dropdown list. For COBIT 5 Framework, there are a total of 10 applicable requirements, 7 gaps, 3 covered requirements, and 0 non-applicable requirements.
Result: The counts on each tab title display as follows: Applicable (10), Not covered (Gaps) (7), Covered (3), Not Applicable (0).
Example: Multiple filters
On the Compliance Maps page, you select the following from the All standards and regulations dropdown list:
- COBIT 5 Framework
- COSO Internal Control Framework 2013
For COBIT 5 Framework, there are a total of 10 applicable requirements, 7 gaps, 3 covered requirements, and 0 non-applicable requirements. For COSO Internal Control Framework 2013, there are a total of 20 applicable requirements, 3 gaps, 12 covered requirements, and 0 non-applicable requirements.
Result: The counts are added together and the filters display as follows: Applicable (30), Not covered (Gaps) (10), Covered (15), Not Applicable (0).
Scoping requirements
If you have imported a standard or regulation that includes different scoping levels, you can restrict the scope of compliance to only view and report on relevant requirements. If you do not choose to scope requirements, all requirements associated with the standard or regulation display in the tree view.
Example: Scoped requirements
You import NIST SP 800-53 Security Controls (Rev4) / FedRAMP 2016.01 into your compliance map.
In the Standard and regulation details side panel, there are three scope levels:
- High
- Moderate
- Low
Your organization is categorized as moderate, so you need to comply with low and moderate level requirements. You select these options to define the scope of compliance.
Result: Only moderate and low level requirements associated with NIST SP 800-53 Security Controls (Rev4) / FedRAMP 2016.01 display in the compliance map.