Organization vs. use case
| Level | Where | Purpose |
|---|---|---|
| Organization | Org Controls in the sidebar | Track framework scope, coverage, and control maturity for the organization as a whole. |
| Use case | The Compliance and Security tabs in a use case’s Architecture Workspace | Track the controls that apply to a specific system. |
Enable a framework
Open framework alignment
For the organization, go to Org Controls and select Add Framework. For a use case, open its workspace and select Add Framework (or the Frameworks page).
Track control implementation
Each framework tab shows its Control Requirements as a list. Expand a control to see its description, implementation guidance, underlying threat, finding, and evidence. For each control you can:- Set the status — using the update dialog, mark a control as Pending Review, In Progress, Implemented, or Not Applicable.
- Assign an owner — use Assign Owner to make a team member responsible.
- Mark not applicable — toggle Not Applicable and note why it doesn’t apply.
- Add evidence — record notes, upload a file, or add a link directly on the control. See Evidence & audits.
Findings summarize gaps for a control. You can regenerate findings across a framework’s controls with Regenerate findings and review them in each control’s detail.
Coverage and reporting
At the organization level, each framework shows coverage metrics so you can gauge maturity:- Controls in scope
- Coverage (percentage implemented)
- Implemented controls
- Missing controls
Next steps
Evidence & audits
Attach evidence to controls and manage audits and certifications.
Working with a use case
Generate an architecture and track control progress inside the workspace.