To import a CAIQ 3.0.1 Spreadsheet into STARWatch, follow these steps:
When the import is complete, you will arrive at the Overview page for the assessment and will be able to update any imported content as needed.
*Importing assumes you have not modified any cells or columns within the spreadsheet.
Look for the icon on either the assessment index of your license, or on the assessment overview page. If you don't see the icon, you don't have permission to export that assessment and should contact your license's administrator.
STARWatch currently allows cross-referencing any CCM/CAIQ control with 33 different reference points, including 27 international standards and regulations, deployment models, architecture and CSA security guidance. These standards include almost all mappings that exist in the CCM, including of course PCI-DSS, ISO/IEC 27001 and FedRAMP.
In STARWatch, these mappings are represented by “TAGS”:
Each control in STARWatch has a set of tags that describe its relationship with other standards and reference points.
To select all controls that map to a specific standard (e.g. ISO/IEC 27001) or even a specific subsection of a standard (e.g. Section 12.6.1 of ISO/IEC 27001), locate the “Filter by tag” field at the top of the assessment:
Then, start typing the name of a standard you’re interested in: STARWatch will display all known cross-references, helping you narrow down your choice:
After applying a tag, only the controls that have the selected tag will be displayed. You can select more than one tag: in that case only the controls that map to all applied tags combined will displayed.
STARWatch users can also view all the existing mappings (a.k.a. tags) of a specific CCM control, simply by clicking on a control and then on the “Toggle Mappings” button:
When a license expires, you will still have access to all of your assessments and be able to download them as is. You will not, however, be able to create or import new assessments, nor edit existing assessments. Once renewed, you will regain full access to STARWatch for another year.
Assessments will need to be performed via the Assessment Overview:
Scroll down to and click on the question/control you want to assess.
The specific control’s page will contain links to its associated questions while a specific questions page will contain a form for recording your answer.
Record your answer and notes/comment (if any) in the form.
When all questions under a control are no longer “Open”, a new form will be displayed where you may address the overall maturity of the control.