Xylok Documentation

Control Rating Management

Xylok allows you to rate the controls applicable to your organization directly within the Xylok Scanner. This integrated approach centralizes both the technical and non-technical items under your organization so they can be easily imported as a group into your ultimate system of record. Ratings are tracked over time, allowing for reporting and comparison that shows trends.

Prerequisites are called out for each rater; these indicate the raters from which the others pull data. If you change one of the prerequisites for a rater, use the “Rebuild” button for that rater to refresh it with the new data.

There is a “Mark Reviewed” button at the bottom left of the modal for all of these raters. This allows the user to keep track of “reviewing” each item in the case that no actual data has changed from the last assessment. This “Reviewed” property gets automatically updated by using the “Save” button as well.

Workflow

Before using the raters and managers below, it’s generally recommended to perform all your technical Data Analysis first. Then work through the raters below. Some require others, but you can use as many or as few as meet your needs. For Authorization to Operate (ATO) purposes, the most important items are the CCI and Control raters.

CCI Rater

Prerequisites: Scan compliance data

Full coverage of the CCI Rater can be found in the CCI Rater article.

Control Rater

Prerequisites: CCI Rater

Full coverage of the Control Rater can be found in the Control Rater article.

POA&M Manager

Prerequisites: CCI Rater

  1. Go to the POA&M Manager
     a. Click “Rebuild.” The POA&M Manager should be rebuilt any time the CCI Rater is changed.
     b. Go through each row and update any non-automatic columns. Many columns are fed by the CCI Rater and technical data.
     c. To edit multiple rows at a time, check the box in the first column. Once more than one row is selected, an “Edit Selected Items” button will appear. Click that and edit the desired fields, then hit “Save”.
     d. With multiple rows selected, use the “Clear Selected Items” button to un-check all of the rows currently selected.

Technical Rater

Prerequisites: Scan compliance data

  1. Go to the Technical Rater
     a. Click “Rebuild.” This should be rebuilt any time the status of technical data is changed.
     b. Go through each row and determine a likelihood based on your particular system and considerations. Enter a comment summarizing the findings under this row and why the given likelihood was chosen.

Requirements Traceability Matrix (RTM) Manager

Prerequisites: Scan compliance data, Control Rater

Full coverage of the RTM Manager can be found in the Requirement Traceability Matrix Manager article.