Follow

Understand: Customizing a Task's Additional Requirements

Tasks address potential problems/weaknesses in the project (e.g. P408 Weak Password Requirements). In certain cases, these problems/weaknesses pertain to specific standards/regulations (e.g. PCI-DSS and PA-DSS).

However, a common issue is that different standards have different requirements for the same problem. To help with managing these different requirements, it is possible to create Additional Requirements for a Task.

For example, PA-DSSv2 requires that a password be at least 7 characters long while COBIT4.1 requires that a password be at least 8 characters long. In this case, we can create an Additional Requirement for P408 to record this difference in requirement between different standards. Note that this differs from How-Tos in that the details of implementation is not important in an Additional Requirement.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments