About the Content Folders

The Content navigation pane is a hierarchical tree that separates system-provided content from your organization's content.

  • RiskVision Content Library: Provides RiskVision-defined, read-only content (documentation, templates, controls, and subcontrols) used to enforce, monitor, and calculate compliance and risk scores based on common industry standards, such as NIST SP 800-53. To enforce controls, the library includes both automated and manual (questionnaire) control checks. For automated controls, the appropriate connectors run checks on targeted entities and return results to RiskVision. For manual control checks, questionnaires are automatically distributed to the appropriate entity stakeholders, and the results are automatically collected.

    Controls and subcontrols for the NIST SP 800-53 standard are provided in the Content Library by default. Controls and subcontrols for other standards are available for purchase from Resolver.

  • Organization Content: Holds the collection of controls you want your organization to use for compliance and risk measurement. By default, this section includes predefined groups for linking in your own organization's policy documents, control framework, and individual controls and subcontrols. You can also create additional subgroups or folders within the current hierarchy to meet the needs of your organization.

    Although users can assign controls directly from the Content Library hierarchy, it is recommended that you assign controls from the Organization Content hierarchy. Controls that are linked or copied from the Content Library into the Organization Content hierarchy can be customized there for your environment. Assigning from the Organization Content hierarchy also helps you manage updates when you synchronize with changes to the Content Library.