Overview
Paramify automatically flags missing data or potential data inconsistencies that the user should review. Colors highlight the criticality of the flag:
- Blue: Informational; cleared when "fixed" or related control implementation, solution capability or element Assurance Status is "Marked as Reviewed"
- Yellow: Likely incorrect; cleared when "fixed"
- Red: Critical issue disrupting deliverables; cleared when "fixed"
Users can filter and view items with specific flags directly from the main Solution Capabilities, Controls Implementation, or Elements view.
The user can then apply bulk actions or go into the Solution Capability or Element to take action if necessary. This will greatly reduce time spent sifting through data and ensure a clean, fast, and easy process.
Solution Capability and Control Implementation Flags
Paramify flags the following data considerations in the Solution Capability and Control Implementation views:
- Invalid Mention(s): Unrecognized or unsupported element reference, i.e. mention
- Metadata Detected: Metadata added to solution body as part of import or SSP ingestion troubleshooting processes
- Shared Origination: Indicates a control implementation custom response with shared origins (only occurs with existing SSP ingestion because shared origination is only derived in Paramify for CRM purposes)
- Inherited Error: Main component missing or main component is not a FedRAMP system or does not have a leveraged system set
- Implementation Mismatch: A mention has a different implementation status than the Solution Capability
- No Responsible Role: Missing responsible role
- Implementation Not Set: Missing implementation status
- No Origination: Missing origination
- Stack Mismatch: The component of a mention is assigned to a different stack than the Solution Capability
- No Mentions Or Smart Text: Response does not include any links to elements
- Potential Duplicate: The Solution Capability title has the same prefix as another Solution Capability, indicating it may be duplicative (Solution Capability implementation only)
- Parameter Mismatch: The control parameter entered matches the recommended control parameter in the compliance framework profile for a lower impact level than the current project (Control Implementation only)
- Potential Parameter Mismatch: The control parameter entered matches a recommended control parameter for a higher impact level in the compliance framework profile than the project security objective or doesn't match any of the recommended parameters (Control Implementation only)
Element Flags
Paramify flags the following data considerations in the Element views:
- Potential Duplicate: The Element title has the same prefix as another Element, indicating it may be duplicative. Consider updating the titles to be unique or Find and Replace inaccurate mentions before deleting duplicate Elements.
- Missing Description: The Element description is null
- Inactive Status: The Element status is not set or set to something something other than Operational for components or Active for Locations (Parties, Roles, and Data Element Types do not have an equivalent status)
- Missing Address: The city or country is missing on Location elements
- Incomplete Data Flow(s): The data flow started for a Component element is incomplete. The data flows impact cryptographic module related deliverable generated by Document Robot.
- Inventory Location Mismatch: "Data region locations" and "Deployment Location" don't match for a component subtype = IaaS. "Data region locations" is found on the component details tab and "Deployment Location" on the inventory tab
These flags are great tools to verify data integrity and correct common data errors before generating your System Security Plan for assessment.
Comments
0 comments
Please sign in to leave a comment.