Create Security Requirements
Security requirements are configurable requirements that can be distributed to objects such as organizations (internal or external), applications, devices, and locations. Security requirements can be specified at different levels. The levels can be triggered by several different factors, such as the classification of information used by the object or a specific tag added to the object.
The configuration of security requirements can be found under Governance via the top right menu.
- Governance/Security Requirements...
Create new requirement
Examples of security requirements that can be customized and reused are available in Ciso. In this guide, a new requirement will be created to illustrate all the options available. To start creating a new requirement, click the + sign.
You can define which information security goals the requirement will contribute to and which cyber security functions (based on NIST) it supports. These are mainly used for reporting purposes. Under the “APPLIES TO” section you can define which objects the requirement should be applied to.
When you are ready, click on the apply button and a new tab named “Specifications” will be added.
The example above will add the password complexity requirement to all applications, since no condition has been added to the requirement. We have also selected that “Supplier” is responsible for fulfilling this requirement. If you want to add a requirement to your own organization as well, you can create another requirement.
Click “Add Specification”
