Single-user edition. A STREAM database configured with PCI DSS v2.0 content for use with the free single-user version of Acuity's GRC software solution, STREAM Integrated Risk Manager (Version 2.0)
I am trying to assess controls on the Control Assessment screen, but there are no controls showing in the sections...
You can access the Control Assessment screen if you are a member of the Control User role. Otherwise this menu item will be grayed out.
With membership of the Control User role, you may still find that there are no controls shown for you to assess.
A STREAM System Administrator needs to configure precisely WHICH control-assets you should have permission to assess. Then these control-assets will appear for assessment in the relevant sections on the Control Assessment screen.
This configuration is made using the Settings --> User Management screen.
On the User Administration screen, all Control Users have a 'C' showing in the third displayed column. Click on this 'C' to configure the control-assets which this user should be able to assess.
Click on any part of the hierarchy, e.g. a particular Register or Workspace, or on the Enterprise level. The right-hand panel will then show how many controls are applicable to assets assigned to that part of the business model. The number of controls which the user current has permission to assess is shown after each section, with the total number of control-assets shown in brackets afterwards. For example 0 (100) means that there are 100 controls which are applicable to assets for the selected part of the business, but currently this user has no permission to assess any of them.
Click on Check All to add permission to assess them all. Use Uncheck_All to remove permission. You can also drill down into the control section hierarchy to view the control-assets, and to make detailed adjustments to these permissions. Use the Save button before selecting a different part of the business hierarchy.
Using the Control Group
When new assets are added into STREAM, and assigned to a particular area of the hierarchy, you will probably NOT want to have to visit this screen each time in order to add permission to assess controls to those new assets. Instead, you can use the Control Group facility to achieve an automatic assignment of permission for all future assets added into STREAM. Just tick the Control Group box for the particular part of the hierarchy. As with all permissions matters, this Control Group setting applies only to the user currently being configured.
Use of the Control Group facility is covered in the application specific training provided with STREAM Applications downloaded from the Acuity website.
Assigning Permissions in Other Ways
Using the Control User screen as above, you can easily set permissions based on the business hierarchy.
If you wish to set permissions in other ways, e.g. for an entire Control Standard (or part of it), by Asset, or by Asset Class, then you need to use the STREAM Extended Permissions Manager facility, http://www.acuityrm.com/store/extended-permissions-manager.
This is available to STREAM Subscribers, and can be downloaded by Subscribers (Free of Charge) from the Store.