Evidence Management

One place to manage all your security audit evidence

Create an inventory of all automated & manual evidence, and ensure each piece of evidence is assigned, kept current, and linked to your compliance objectives.


Continuous collection

Real-time collection of admin users, MFA status, user permissions, and security best practices from over 25 systems.


Automatic gap identification

Automatic control testing to ensure controls are healthy and gaps are remediated in time.


Keep it current

Set recurring schedules for manual evidence and let the system track, alert, and remind to ensure timely collection.


Assign & track ownerships

Assign evidence to an owner, contributors or teams to track and delegate ownership.


Automatically link to audits

Keep evidence centrally mapped to framework objectives for automated audit submissions.


Link to JIRA / ticketing systems

Manage evidence centrally by linking ControlMap evidence to JIRA issues or tickets in other ticketing systems.

Evidence collected

Cloud systems

Connect to AWS, Azure or GCP to ensure compliance and automatically collect evidence for your audits.


Who has access?

Is all the coordination for evidence collection slowing your compliance program? Automate all grunt work and expand your compliance.


Is MFA Enabled?


Data at rest is encrypted


Are backups enabled?


Is monitoring enabled?


Security best practices enabled?


Evidence collected

Identity Provider & HR systems

Connect to over 25 people systems, including Azure AD, Okta, Bamboo HR, ADP, etc., to populate employee sets.


Populate employee sets


Track offboarding


Awareness training completed?



Evidence collected

Asset & Endpoint Management System

Automatically create an inventory of endpoints and other employee devices from MS Intune, JAMF, etc.


Endpoint / Laptop inventory

Connect to endpoint management systems to automatically inventory endpoints in ControlMap.


Compliance status

Automatically collect evidence from endpoint management systems that anti-virus protection, disk protection, etc. are enabled.


Asset ownership / status

Connect assets to employee-owners in the system to track orphan assets.

Evidence collected

Source control systems

Connect to GitHub, Bitbucket, or Microsoft DevOps to automatically collect evidence from your source control systems.


Who has access?

Gather evidence of who has access to your source code repositories and at what level of access.


MFA and role based access enabled

Ensure that privileged users have MFA enabled and individual user access is disabled.


Branch protection checks

Automatic best-practice checks, such as whether 'Branch Protection' is enabled for main source code branches.


Evidence collected

Ticketing systems

Connect to JIRA, ConnectWise or other ticketing systems to share work status between ControlMap and the ticketing system.


Sync tickets


Ingest tickets as evidence


Assign from ControlMap



Learning resources

Learn more about evidence management

Blog

Why the Cybersecurity Maturity Model Certification (CMMC) Matters Now?

The Cybersecurity Maturity Model Certification (CMMC) is here. As mentioned in other blog posts, without a single standard to govern all cybersecurity risks, industries and regulatory bodies are authoring and enforcing their own frameworks to address the specific needs of their given domains. It should come as no surprise that the Department of Defense (DOD) – the government agency charged with keeping the United States safe – would have their own set of standards for contractors, too.
Blog

SOC2 vs ISO27001

Learn what ISO 27001 and SOC 2 compliance are, and what the differences and similarities between them are. Read along to know everything about it.
Blog

Top 10 Policies for SOC 2, ISO 27001 compliance

Here is a list of the Top Ten Mandatory policies that each company should put in place when they start their SOC2, ISO 27001, or FedRAMP journey. Along with each policy, you will find a brief description of what that policy means, why it is required, and the topics you should cover.