Connecting Security Requirements

Published: August 25, 2023
Last updated: April 4, 2024

Security requirements can be used to report compliance with controls and paragraphs in various standards, regulations, and guidelines.

  • Security requirements are connected to standards through a statement of applicability.
  • Template statements of applicability are available in Ciso for common standards such as ISO 27001.

Connect a security requirement to a statement of applicability

To configure a statement of applicability, navigate via the top right menu to “Compliance” and then select “Standard fulfillment” on the left side menu.

For this example, we are going to use ISO 27001 Annex A.

ISO 27001 Annex A

Click on the “Edit” button to the right to edit a control.

For the example, use the security requirement created earlier, and connect it to ISO 27001 Annex A 9.4.3.

It’s also possible to connect several security requirements to the same control, which can be needed in some cases.

After you connect the security requirement to the control, the standard fulfillment changes immediately, because it is connected to the fulfillment of the security requirements.

Repeat the same procedure to connect the same security requirement to other standards.