NOTE
We recommend you use Risk Solutions to manage your Elements. See Risk Solutions.
Elements are the nouns in a security program. A noun consists of People, Places, and Things. In the context of your security program, nouns translate to relevant roles, data locations, and tools and applications. Elements are global in nature, applicable to all objects within a workspace.
Our intake process accelerates creation of your Elements in Paramify by leveraging our master data library. The Elements can be created once and reused multiple times throughout your documentation through Element Mentions. For more information about Element Mentions and their benefits, see Smart Text & Mentions.
Types of Elements
| Components | Components are technical & non-technical tools used to achieve an outcome. |
| Parties | Parties are the personnel that operate the program and underlying components. |
| Roles | Roles are assignments granting parties or components access permissions. |
| Locations | Locations are places where parties and components operate. |
| Data | Data is the inputs and outputs of the program and underlying components. |
| Collections | Collections are groups of elements used for organizing security efforts. |
Each element has six characteristics. Below are the following six characteristics:
Type
The type represents what form the element is. It can be one of the six types of elements that were mentioned above.
Subtype
The subtype represents a more specific type of an element. This can be very specific such as a SaaS, FedRAMP System, Process, Plan, Organization, Person, Privileged or non-Privileged access, etc. These subtypes will provide more detail on each element.
Name
You can assign a name for each component to help organize better.
Description
This is a simple description of the element. You can put any specific information in here for the element.
Status
This shows the status of the element on whether it is implemented or not or reviewed by a person.
Stack
A stack in Paramify is a way to group and assign components or teams to Risk Solutions or Elements. It helps organize responsibilities and access, making sure the right people or teams are connected to the right parts of your security program.
Elements consist of the following types and subtypes:
| Element Type | Element Type Definition | Element Subtype |
| Component | Technical & Non-technical tools used to achieve an outcome | Agreement, Plan, Policy, Procedure, Process, FedRAMP System, IAAS, SAAS, PAAS, Software, Hardware, Interconnection, Service, Validation, Subnet, Customer Managed |
| Party | Personnel that operate the project and underlying components | Organization, Person |
| Role | Assignments granting parties or components access permissions | No Logical Access, Not Privileged, Privileged |
| Location | Places where parties or component operate | Campus, Data Center, Data Region Cloud, Other Location, Remote |
| Data | The inputs and outputs of the projects and underlying components | Account Data, Customer Data, Metadata, Support and Admin Data |
The fields available (and/or required fields) for an Element varies by Element Type and Subtype. Elements can be interdependent on one another. Here are a few examples:
- A person's name and title are captured in the Party Element but the relevant address is in the Location element
- Data Elements are associated to multiple component Element Subtypes
- FedRAMP System Components are tied to IAAS, SAAS, and PAAS Component as "Leveraged System" to track inheritance
- The Nature of Agreement is defined in the Agreement component which must be associated with the Federal System and/or Interconnection components to appear in the SSP. For information about properly capturing the Nature of Agreement in an SSP, see Nature of Agreement
Each of these characteristics are used to maintain good records of elements that can eventually be used in your security documentations.
How to Navigate Elements
This is a guide on how to navigate the Elements. You will first start from the dashboard page and move from there.
1
2. Click the Implementation section to begin managing your elements within Paramify.
3. Click the Elements menu to view all available element categories for configuration.
4. Click Components to access the different component types available in your workspace.
5. Click Parties to manage the parties involved in your projects or processes.
6. Click Roles to view and configure the roles assigned to different parties.
7. Click Locations to manage the various locations associated with your elements.
8. Click Data to explore and manage data-related elements within Paramify.
9. Click Collections to organize and handle grouped data sets effectively.
10. Click any Component to view detailed information and settings for a specific component.
11. Once you are inside a component, you can configure the details of this component. Click Inventory to manage the inventory items linked to your components and elements.
12. You can manage the assets/inventory for each element.
13. You can also: Click Party to access detailed information and settings for a specific party.
14. Click Role to view and modify the details of a particular role within your setup.
15. Click Location to manage the specifics of a selected location within your elements.
Comments
0 comments
Please sign in to leave a comment.