Requirements represent both the legal requirements and professional standards that the organization is expected to adhere to successfully mitigate security risks. For example, a sub section about patrols might contain requirements about the specific types of patrols officers should make before the end of each shift. Requirements can be attached to either sections or sub-sections. Once a requirement has been added to the section or sub-section, it can be updated at any time.
To update a requirement:
Log into a user account from the Security Assessment Team user group.
Open the section or sub-section that contains the relevant requirement.
Click the relevant requirement in the Requirements section to open the Requirement Review palette.
Complete the Requirement Name field.
Complete the Description field.
In the Details tab:
Guidance field: Enter any guidance needed for the requirement to be marked as complete/incomplete.
Requirement Owner field: Begin typing usernames, then click to select a user to assign to this requirement.
Inherent Impact dropdown list: Select the organizational impact that failing to meet this requirement could have.
Inherent Likelihood dropdown list: Select how likely the requirement is to lead to a negative impact.
In the Scoring tab, enter the maximum score the requirement can be given in the Maximum Score field.
In the Weighting tab, adjust the value in the Weighting field to reflect the percentage of the total section or sub-section this requirement should take up. All requirements in each section or sub-section should equal 100%.
Optional: Add comments, as needed.