During the last weeks the Alyne Team has been busy updating and reviewing existing control sets and assessments as well as creating new control sets and assessments. The update has been provided - as with all previous library updates - to existing and new customers alike.
New created control sets and assessments
The BDSG (Bundesdatenschutzgesetz) control set has been created to provide extended controls coverage for an organisation to align with the German & European Data Privacy requirements including requirements from related German laws (TKG, TMG, SGB). However, this control set should not be used following the commencement of the EU GDPR, 25 May 2018. Organisations wishing to measure compliance with German & European Data Privacy requirements should use the GDPR control set and assessments, which has also been updated followed by a quality review.
NIST 2018 This control set covers the requirements defined by the United States Department of Energy C2M2 Cyber Capability Maturity Model developed by NIST for the energy sector (version 1.1 as of April 16, 2018). The new content includes a control set of 405 control statements and a corresponding assessment set.
The PCI DSS v3.2 (Payment Card Industry Data Security Standard) control set has been updated and improved. It now provides guidance and controls to build and maintain compliance with the requirements of the Payment Card Industry Data Security Standard (PCI DSS, version 3.2 as of April 2016). The new content includes a control set of 271 control statements and two corresponding assessment set covering the Merchant Level 1 (Controls validated by an external Qualified Security Assessor for Level 1 compliance) and Merchant Level 2-4 (Controls in the form of a self assessment for Level 2 - 4 compliance).
Updated and reviewed control sets and assessments
The GDPR (General Data Protection Regulation) control set has been revised, updated and improved based on Industry and Government feedback. This control set provides extended controls coverage for an organisation to align with the European General Data Protection Regulation (GDPR). The new content includes a control set of 250 control statements and a corresponding assessment set.
The COBIT 5 control set and assessment have been reviewed and updated - it covers the entire scope of the COBIT 5 control objectives for organisations to build and maintain COBIT 5 aligned IT governance. The new content includes a control set of 515 control statements and a corresponding assessment set.