Executive Summary
| Severity-weighted score | 0.0% |
|---|---|
| Total controls | 80 |
| Met | 0 |
| Partial | 0 |
| Gap | 80 |
Key Gaps
VS-010Vendor Security Control 010 - gap - severity 5 - missing evidence 3VS-030Vendor Security Control 030 - gap - severity 5 - missing evidence 3VS-045Vendor Security Control 045 - gap - severity 5 - missing evidence 3VS-055Vendor Security Control 055 - gap - severity 5 - missing evidence 3VS-070Vendor Security Control 070 - gap - severity 5 - missing evidence 3VS-005Vendor Security Control 005 - gap - severity 5 - missing evidence 2VS-015Vendor Security Control 015 - gap - severity 5 - missing evidence 2VS-020Vendor Security Control 020 - gap - severity 5 - missing evidence 2VS-025Vendor Security Control 025 - gap - severity 5 - missing evidence 2VS-035Vendor Security Control 035 - gap - severity 5 - missing evidence 2VS-040Vendor Security Control 040 - gap - severity 5 - missing evidence 2VS-050Vendor Security Control 050 - gap - severity 5 - missing evidence 2
Full Controls Table
| control_id | title | objective | evidence expectations | status | severity | evidence_count |
|---|---|---|---|---|---|---|
VS-001 | Vendor Security Control 001 | Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-002 | Vendor Security Control 002 | Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-003 | Vendor Security Control 003 | Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-004 | Vendor Security Control 004 | Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-005 | Vendor Security Control 005 | Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-006 | Vendor Security Control 006 | Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-007 | Vendor Security Control 007 | Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-008 | Vendor Security Control 008 | Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-009 | Vendor Security Control 009 | Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-010 | Vendor Security Control 010 | Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-011 | Vendor Security Control 011 | Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-012 | Vendor Security Control 012 | Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-013 | Vendor Security Control 013 | Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-014 | Vendor Security Control 014 | Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-015 | Vendor Security Control 015 | Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-016 | Vendor Security Control 016 | Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-017 | Vendor Security Control 017 | Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-018 | Vendor Security Control 018 | Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-019 | Vendor Security Control 019 | Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-020 | Vendor Security Control 020 | Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-021 | Vendor Security Control 021 | Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-022 | Vendor Security Control 022 | Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-023 | Vendor Security Control 023 | Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-024 | Vendor Security Control 024 | Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-025 | Vendor Security Control 025 | Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-026 | Vendor Security Control 026 | Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-027 | Vendor Security Control 027 | Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-028 | Vendor Security Control 028 | Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-029 | Vendor Security Control 029 | Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-030 | Vendor Security Control 030 | Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-031 | Vendor Security Control 031 | Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-032 | Vendor Security Control 032 | Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-033 | Vendor Security Control 033 | Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-034 | Vendor Security Control 034 | Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-035 | Vendor Security Control 035 | Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-036 | Vendor Security Control 036 | Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-037 | Vendor Security Control 037 | Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-038 | Vendor Security Control 038 | Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-039 | Vendor Security Control 039 | Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-040 | Vendor Security Control 040 | Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-041 | Vendor Security Control 041 | Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-042 | Vendor Security Control 042 | Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-043 | Vendor Security Control 043 | Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-044 | Vendor Security Control 044 | Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-045 | Vendor Security Control 045 | Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-046 | Vendor Security Control 046 | Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-047 | Vendor Security Control 047 | Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-048 | Vendor Security Control 048 | Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-049 | Vendor Security Control 049 | Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-050 | Vendor Security Control 050 | Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-051 | Vendor Security Control 051 | Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-052 | Vendor Security Control 052 | Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-053 | Vendor Security Control 053 | Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-054 | Vendor Security Control 054 | Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-055 | Vendor Security Control 055 | Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-056 | Vendor Security Control 056 | Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-057 | Vendor Security Control 057 | Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-058 | Vendor Security Control 058 | Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-059 | Vendor Security Control 059 | Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-060 | Vendor Security Control 060 | Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-061 | Vendor Security Control 061 | Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-062 | Vendor Security Control 062 | Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-063 | Vendor Security Control 063 | Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-064 | Vendor Security Control 064 | Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-065 | Vendor Security Control 065 | Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-066 | Vendor Security Control 066 | Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-067 | Vendor Security Control 067 | Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-068 | Vendor Security Control 068 | Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-069 | Vendor Security Control 069 | Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-070 | Vendor Security Control 070 | Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-071 | Vendor Security Control 071 | Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-072 | Vendor Security Control 072 | Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-073 | Vendor Security Control 073 | Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-074 | Vendor Security Control 074 | Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-075 | Vendor Security Control 075 | Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
VS-076 | Vendor Security Control 076 | Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
VS-077 | Vendor Security Control 077 | Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
VS-078 | Vendor Security Control 078 | Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
VS-079 | Vendor Security Control 079 | Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
VS-080 | Vendor Security Control 080 | Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence. | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
Gap Register
| control_id | title | status | severity | evidence_count | missing_evidence | evidence expectations |
|---|---|---|---|---|---|---|
VS-001 | Vendor Security Control 001 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-002 | Vendor Security Control 002 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-003 | Vendor Security Control 003 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-004 | Vendor Security Control 004 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-005 | Vendor Security Control 005 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-006 | Vendor Security Control 006 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-007 | Vendor Security Control 007 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. |
VS-008 | Vendor Security Control 008 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. |
VS-009 | Vendor Security Control 009 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. |
VS-010 | Vendor Security Control 010 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. |
VS-011 | Vendor Security Control 011 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
VS-012 | Vendor Security Control 012 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-013 | Vendor Security Control 013 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-014 | Vendor Security Control 014 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-015 | Vendor Security Control 015 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-016 | Vendor Security Control 016 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-017 | Vendor Security Control 017 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-018 | Vendor Security Control 018 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-019 | Vendor Security Control 019 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. |
VS-020 | Vendor Security Control 020 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. |
VS-021 | Vendor Security Control 021 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. |
VS-022 | Vendor Security Control 022 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. |
VS-023 | Vendor Security Control 023 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
VS-024 | Vendor Security Control 024 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-025 | Vendor Security Control 025 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-026 | Vendor Security Control 026 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-027 | Vendor Security Control 027 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-028 | Vendor Security Control 028 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-029 | Vendor Security Control 029 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-030 | Vendor Security Control 030 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-031 | Vendor Security Control 031 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. |
VS-032 | Vendor Security Control 032 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. |
VS-033 | Vendor Security Control 033 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. |
VS-034 | Vendor Security Control 034 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. |
VS-035 | Vendor Security Control 035 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
VS-036 | Vendor Security Control 036 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-037 | Vendor Security Control 037 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-038 | Vendor Security Control 038 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-039 | Vendor Security Control 039 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-040 | Vendor Security Control 040 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-041 | Vendor Security Control 041 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-042 | Vendor Security Control 042 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-043 | Vendor Security Control 043 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. |
VS-044 | Vendor Security Control 044 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. |
VS-045 | Vendor Security Control 045 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. |
VS-046 | Vendor Security Control 046 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. |
VS-047 | Vendor Security Control 047 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
VS-048 | Vendor Security Control 048 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-049 | Vendor Security Control 049 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-050 | Vendor Security Control 050 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-051 | Vendor Security Control 051 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-052 | Vendor Security Control 052 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-053 | Vendor Security Control 053 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-054 | Vendor Security Control 054 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-055 | Vendor Security Control 055 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. |
VS-056 | Vendor Security Control 056 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. |
VS-057 | Vendor Security Control 057 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. |
VS-058 | Vendor Security Control 058 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. |
VS-059 | Vendor Security Control 059 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
VS-060 | Vendor Security Control 060 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-061 | Vendor Security Control 061 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-062 | Vendor Security Control 062 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-063 | Vendor Security Control 063 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-064 | Vendor Security Control 064 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-065 | Vendor Security Control 065 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-066 | Vendor Security Control 066 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-067 | Vendor Security Control 067 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. |
VS-068 | Vendor Security Control 068 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. |
VS-069 | Vendor Security Control 069 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found. |
VS-070 | Vendor Security Control 070 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found. |
VS-071 | Vendor Security Control 071 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
VS-072 | Vendor Security Control 072 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-073 | Vendor Security Control 073 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-074 | Vendor Security Control 074 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found. |
VS-075 | Vendor Security Control 075 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-076 | Vendor Security Control 076 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-077 | Vendor Security Control 077 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found. |
VS-078 | Vendor Security Control 078 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found. |
VS-079 | Vendor Security Control 079 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found. |
VS-080 | Vendor Security Control 080 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found. |
Evidence Appendix
VS-001 - Vendor Security Control 001
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-002 - Vendor Security Control 002
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-003 - Vendor Security Control 003
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-015 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-027 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-004 - Vendor Security Control 004
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-028 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-005 - Vendor Security Control 005
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-029 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-006 - Vendor Security Control 006
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-030 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-007 - Vendor Security Control 007
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-031 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-008 - Vendor Security Control 008
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-032 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-009 - Vendor Security Control 009
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-033 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-010 - Vendor Security Control 010
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-034 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-011 - Vendor Security Control 011
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-035 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-012 - Vendor Security Control 012
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-013 - Vendor Security Control 013
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-014 - Vendor Security Control 014
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-015 - Vendor Security Control 015
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-015 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-027 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-016 - Vendor Security Control 016
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-028 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-017 - Vendor Security Control 017
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-029 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-018 - Vendor Security Control 018
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-030 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-019 - Vendor Security Control 019
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-031 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-020 - Vendor Security Control 020
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-032 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-021 - Vendor Security Control 021
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-033 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-022 - Vendor Security Control 022
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-034 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-023 - Vendor Security Control 023
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-035 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-024 - Vendor Security Control 024
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-025 - Vendor Security Control 025
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-026 - Vendor Security Control 026
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-027 - Vendor Security Control 027
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-015 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-027 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-028 - Vendor Security Control 028
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-028 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-029 - Vendor Security Control 029
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-029 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-030 - Vendor Security Control 030
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-030 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-031 - Vendor Security Control 031
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-031 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-032 - Vendor Security Control 032
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-032 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-033 - Vendor Security Control 033
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-033 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-034 - Vendor Security Control 034
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-034 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-035 - Vendor Security Control 035
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-035 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-036 - Vendor Security Control 036
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-037 - Vendor Security Control 037
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-038 - Vendor Security Control 038
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-039 - Vendor Security Control 039
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-015 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-027 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-040 - Vendor Security Control 040
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-028 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-041 - Vendor Security Control 041
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-029 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-042 - Vendor Security Control 042
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-030 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-043 - Vendor Security Control 043
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-031 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-044 - Vendor Security Control 044
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-032 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-045 - Vendor Security Control 045
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-033 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-046 - Vendor Security Control 046
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-034 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-047 - Vendor Security Control 047
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-035 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-048 - Vendor Security Control 048
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-049 - Vendor Security Control 049
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-050 - Vendor Security Control 050
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-051 - Vendor Security Control 051
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-015 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-027 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-052 - Vendor Security Control 052
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-028 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-053 - Vendor Security Control 053
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-029 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-054 - Vendor Security Control 054
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-030 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-055 - Vendor Security Control 055
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-031 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-056 - Vendor Security Control 056
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-032 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-057 - Vendor Security Control 057
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-033 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-058 - Vendor Security Control 058
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-034 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-059 - Vendor Security Control 059
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-035 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-060 - Vendor Security Control 060
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-061 - Vendor Security Control 061
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-062 - Vendor Security Control 062
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-063 - Vendor Security Control 063
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-015 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-027 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-064 - Vendor Security Control 064
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-028 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-065 - Vendor Security Control 065
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-029 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-066 - Vendor Security Control 066
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-030 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-067 - Vendor Security Control 067
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-031 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-068 - Vendor Security Control 068
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-032 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-069 - Vendor Security Control 069
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for VENDOR/THIRD_PARTY/RISK with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VENDOR/THIRD_PARTY/RISK governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VENDOR/THIRD_PARTY/RISK.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-033 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-070 - Vendor Security Control 070
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for GOVERNANCE/POLICY/AUDIT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating GOVERNANCE/POLICY/AUDIT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for GOVERNANCE/POLICY/AUDIT.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-010 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-022 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-034 - governance policy audit controls evidence owner review register policy log
tags: governance, policy, audit | hits: 0
No direct evidence hits for this query.
VS-071 - Vendor Security Control 071
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for TRAINING/AWARENESS/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating TRAINING/AWARENESS/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for TRAINING/AWARENESS/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-011 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-023 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-035 - training awareness people controls evidence owner review register policy log
tags: training, awareness, people | hits: 0
No direct evidence hits for this query.
VS-072 - Vendor Security Control 072
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for VULNERABILITY/PATCHING/OPERATIONS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/PATCHING/OPERATIONS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/PATCHING/OPERATIONS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-012 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-024 - vulnerability patching operations controls evidence owner review register policy log
tags: vulnerability, patching, operations | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-073 - Vendor Security Control 073
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-025 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-074 - Vendor Security Control 074
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVILEGED/REVIEW/ACCESS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVILEGED/REVIEW/ACCESS.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-001 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-002 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-013 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
VS-Q-014 - privileged review access controls evidence owner review register policy log
tags: privileged, review, access | hits: 0
No direct evidence hits for this query.
VS-075 - Vendor Security Control 075
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-003 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-015 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-027 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
VS-076 - Vendor Security Control 076
gap | severity 1 | evidence_count 0
Ensure Vendor Security control coverage for SIEM/ALERTING/DETECTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SIEM/ALERTING/DETECTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SIEM/ALERTING/DETECTION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-004 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-016 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-028 - siem alerting detection controls evidence owner review register policy log
tags: siem, alerting, detection | hits: 0
No direct evidence hits for this query.
VS-077 - Vendor Security Control 077
gap | severity 2 | evidence_count 0
Ensure Vendor Security control coverage for ENCRYPTION/KEY_MANAGEMENT/DATA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ENCRYPTION/KEY_MANAGEMENT/DATA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ENCRYPTION/KEY_MANAGEMENT/DATA.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-005 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-017 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-029 - encryption key_management data controls evidence owner review register policy log
tags: encryption, key_management, data | hits: 0
No direct evidence hits for this query.
VS-078 - Vendor Security Control 078
gap | severity 3 | evidence_count 0
Ensure Vendor Security control coverage for NETWORK/TLS/SEGMENTATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating NETWORK/TLS/SEGMENTATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for NETWORK/TLS/SEGMENTATION.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-006 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-018 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-030 - network tls segmentation controls evidence owner review register policy log
tags: network, tls, segmentation | hits: 0
No direct evidence hits for this query.
VS-079 - Vendor Security Control 079
gap | severity 4 | evidence_count 0
Ensure Vendor Security control coverage for INCIDENT/RESPONSE/TABLETOP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/TABLETOP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/TABLETOP.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-007 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-019 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-031 - incident response tabletop controls evidence owner review register policy log
tags: incident, response, tabletop | hits: 0
No direct evidence hits for this query.
VS-080 - Vendor Security Control 080
gap | severity 5 | evidence_count 0
Ensure Vendor Security control coverage for BACKUP/RECOVERY/CONTINUITY with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating BACKUP/RECOVERY/CONTINUITY governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for BACKUP/RECOVERY/CONTINUITY.; Recent review evidence with remediation tracking where exceptions were found.
VS-Q-008 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-009 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-020 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
VS-Q-021 - vendor third_party risk controls evidence owner review register policy log
tags: vendor, third_party, risk | hits: 0
No direct evidence hits for this query.
VS-Q-032 - backup recovery continuity controls evidence owner review register policy log
tags: backup, recovery, continuity | hits: 0
No direct evidence hits for this query.
Query Log
| query_id | query_text | tags | hits |
|---|---|---|---|
VS-Q-001 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
VS-Q-002 | privileged review access controls evidence owner review register policy log | privileged, review, access | 0 |
VS-Q-003 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
VS-Q-004 | siem alerting detection controls evidence owner review register policy log | siem, alerting, detection | 0 |
VS-Q-005 | encryption key_management data controls evidence owner review register policy log | encryption, key_management, data | 0 |
VS-Q-006 | network tls segmentation controls evidence owner review register policy log | network, tls, segmentation | 0 |
VS-Q-007 | incident response tabletop controls evidence owner review register policy log | incident, response, tabletop | 0 |
VS-Q-008 | backup recovery continuity controls evidence owner review register policy log | backup, recovery, continuity | 0 |
VS-Q-009 | vendor third_party risk controls evidence owner review register policy log | vendor, third_party, risk | 0 |
VS-Q-010 | governance policy audit controls evidence owner review register policy log | governance, policy, audit | 0 |
VS-Q-011 | training awareness people controls evidence owner review register policy log | training, awareness, people | 0 |
VS-Q-012 | vulnerability patching operations controls evidence owner review register policy log | vulnerability, patching, operations | 0 |
VS-Q-013 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
VS-Q-014 | privileged review access controls evidence owner review register policy log | privileged, review, access | 0 |
VS-Q-015 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
VS-Q-016 | siem alerting detection controls evidence owner review register policy log | siem, alerting, detection | 0 |
VS-Q-017 | encryption key_management data controls evidence owner review register policy log | encryption, key_management, data | 0 |
VS-Q-018 | network tls segmentation controls evidence owner review register policy log | network, tls, segmentation | 0 |
VS-Q-019 | incident response tabletop controls evidence owner review register policy log | incident, response, tabletop | 0 |
VS-Q-020 | backup recovery continuity controls evidence owner review register policy log | backup, recovery, continuity | 0 |
VS-Q-021 | vendor third_party risk controls evidence owner review register policy log | vendor, third_party, risk | 0 |
VS-Q-022 | governance policy audit controls evidence owner review register policy log | governance, policy, audit | 0 |
VS-Q-023 | training awareness people controls evidence owner review register policy log | training, awareness, people | 0 |
VS-Q-024 | vulnerability patching operations controls evidence owner review register policy log | vulnerability, patching, operations | 0 |
VS-Q-025 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
VS-Q-026 | privileged review access controls evidence owner review register policy log | privileged, review, access | 0 |
VS-Q-027 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
VS-Q-028 | siem alerting detection controls evidence owner review register policy log | siem, alerting, detection | 0 |
VS-Q-029 | encryption key_management data controls evidence owner review register policy log | encryption, key_management, data | 0 |
VS-Q-030 | network tls segmentation controls evidence owner review register policy log | network, tls, segmentation | 0 |
VS-Q-031 | incident response tabletop controls evidence owner review register policy log | incident, response, tabletop | 0 |
VS-Q-032 | backup recovery continuity controls evidence owner review register policy log | backup, recovery, continuity | 0 |
VS-Q-033 | vendor third_party risk controls evidence owner review register policy log | vendor, third_party, risk | 0 |
VS-Q-034 | governance policy audit controls evidence owner review register policy log | governance, policy, audit | 0 |
VS-Q-035 | training awareness people controls evidence owner review register policy log | training, awareness, people | 0 |
VS-Q-036 | vulnerability patching operations controls evidence owner review register policy log | vulnerability, patching, operations | 0 |
VS-Q-037 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
VS-Q-038 | privileged review access controls evidence owner review register policy log | privileged, review, access | 0 |
VS-Q-039 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
VS-Q-040 | siem alerting detection controls evidence owner review register policy log | siem, alerting, detection | 0 |
Query Log
| query_id | query_text | tags | hits |
|---|---|---|---|
VS-Q-001 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
VS-Q-002 | privileged review access controls evidence owner review register policy log | privileged, review, access | 0 |
VS-Q-003 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
VS-Q-004 | siem alerting detection controls evidence owner review register policy log | siem, alerting, detection | 0 |
VS-Q-005 | encryption key_management data controls evidence owner review register policy log | encryption, key_management, data | 0 |
VS-Q-006 | network tls segmentation controls evidence owner review register policy log | network, tls, segmentation | 0 |
VS-Q-007 | incident response tabletop controls evidence owner review register policy log | incident, response, tabletop | 0 |
VS-Q-008 | backup recovery continuity controls evidence owner review register policy log | backup, recovery, continuity | 0 |
VS-Q-009 | vendor third_party risk controls evidence owner review register policy log | vendor, third_party, risk | 0 |
VS-Q-010 | governance policy audit controls evidence owner review register policy log | governance, policy, audit | 0 |
VS-Q-011 | training awareness people controls evidence owner review register policy log | training, awareness, people | 0 |
VS-Q-012 | vulnerability patching operations controls evidence owner review register policy log | vulnerability, patching, operations | 0 |
VS-Q-013 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
VS-Q-014 | privileged review access controls evidence owner review register policy log | privileged, review, access | 0 |
VS-Q-015 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
VS-Q-016 | siem alerting detection controls evidence owner review register policy log | siem, alerting, detection | 0 |
VS-Q-017 | encryption key_management data controls evidence owner review register policy log | encryption, key_management, data | 0 |
VS-Q-018 | network tls segmentation controls evidence owner review register policy log | network, tls, segmentation | 0 |
VS-Q-019 | incident response tabletop controls evidence owner review register policy log | incident, response, tabletop | 0 |
VS-Q-020 | backup recovery continuity controls evidence owner review register policy log | backup, recovery, continuity | 0 |
VS-Q-021 | vendor third_party risk controls evidence owner review register policy log | vendor, third_party, risk | 0 |
VS-Q-022 | governance policy audit controls evidence owner review register policy log | governance, policy, audit | 0 |
VS-Q-023 | training awareness people controls evidence owner review register policy log | training, awareness, people | 0 |
VS-Q-024 | vulnerability patching operations controls evidence owner review register policy log | vulnerability, patching, operations | 0 |
VS-Q-025 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
VS-Q-026 | privileged review access controls evidence owner review register policy log | privileged, review, access | 0 |
VS-Q-027 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
VS-Q-028 | siem alerting detection controls evidence owner review register policy log | siem, alerting, detection | 0 |
VS-Q-029 | encryption key_management data controls evidence owner review register policy log | encryption, key_management, data | 0 |
VS-Q-030 | network tls segmentation controls evidence owner review register policy log | network, tls, segmentation | 0 |
VS-Q-031 | incident response tabletop controls evidence owner review register policy log | incident, response, tabletop | 0 |
VS-Q-032 | backup recovery continuity controls evidence owner review register policy log | backup, recovery, continuity | 0 |
VS-Q-033 | vendor third_party risk controls evidence owner review register policy log | vendor, third_party, risk | 0 |
VS-Q-034 | governance policy audit controls evidence owner review register policy log | governance, policy, audit | 0 |
VS-Q-035 | training awareness people controls evidence owner review register policy log | training, awareness, people | 0 |
VS-Q-036 | vulnerability patching operations controls evidence owner review register policy log | vulnerability, patching, operations | 0 |
VS-Q-037 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
VS-Q-038 | privileged review access controls evidence owner review register policy log | privileged, review, access | 0 |
VS-Q-039 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
VS-Q-040 | siem alerting detection controls evidence owner review register policy log | siem, alerting, detection | 0 |