There are two ways to create a custom framework: Create a New Framework or Clone & Edit an Existing Framework.

Create New Framework

To create a custom framework, first navigate to Settings followed by Manage frameworks.

Click + New framework to bring up the framework editor screen.

📘

Note

Only users with the role account owner can create, edit, and remove custom frameworks.

In the Framework editor, include the Name of the framework, a unique version, and a short description.

Then determine if the framework should be active by selecting the Enabled or Disabled Status. Activating a framework enables all polices mapped to controls within the framework, allowing them to run against the data collected from each applicable data source to check for possible violations.

Choose what type of coverage the framework should have. The coverage determines which organizations the framework will be visible to. When a framework is visible within an organization, both Account owners, and Administrators will be able to manage the framework status, Enabling or Disabling as needed.

Frameworks are organized by a series of sections which include one or more controls. Policies can be mapped to each control to enforce the rules for each control. A framework needs at least one section to function. Click the + Add section button to add a new section.

Include a Name for each section and control. Click the + Add control button to add additional controls to a section. Click and drag a control to change the order in which it displays within a section. Click the + Add policies button to add policies to a control.

Each control needs at least one mapped policy in order to enforce the properties for the control. The policy search, policy category, and data source type filter can be used to locate necessary policies.

Policies can also be mapped to framework controls via the Policy editor for an individual policy so long as the framework has already been created.

Once all framework details, coverage, sections, controls, and policies have been added, click the Save framework button to create the new custom framework. After creation, a framework can be managed by going to the Manage frameworks screen under Settings.

Clone & Edit an Existing Framework

Visit the Modifying Frameworks article for an explanation of how to create a new framework from an existing framework.