As part of the research project CyFORT¹, today itrust consulting published OpenARIANA², developed as a successor to the in-house-built ARIANA software, a Microsoft Word add-in that supports the user in, among other things, generating policies and audit reports.
OpenARIANA was developed to address the repetitive task of creating policies, particularly Information Security policies. These documents often consist of standardized text that needs to be tailored and extended to individual customers’ requirements. By integrating closely with Microsoft Word, OpenARIANA streamlines the process of document creation and customization in professional settings. It offers a user-friendly interface that enhances productivity and reduces manual effort, making the adaptation of standardized policies to specific client needs both efficient and reliable.
The tool sequentially reads text from each row of an Excel table (constructed from a regulation or standard) and applies the style defined in the column headings. It can handle tags that create enumerations, bullets, or some customized styles. It can also replace other tags with customer-specific data, e.g. ‘#Organization’ with the name of the organization creating the document.
itrust maintains a repository of ISMS standards like ISO 2700x in a structured format compatible with OpenARIANA. Users who wish to access these standards can contact us at email@example.com. Please include proof of eligibility for the standard, such as a payment invoice. Upon verification, we will provide the structured standard free of charge.
As a CyFORT sub-project, CS-GRAM³ delivers a toolset that includes OpenARIANA and provides cloud security governance features such as policies, risk assessment models, audit templates, and KPIs. It aims to incorporate the Open Security Controls Assessment Language (OSCAL), developed by NIST. OSCAL is a standardized, data-centric framework for documenting and assessing security controls. This will bring us a step closer to achieving our goal of automating security assessment, auditing, and continuous monitoring. Finally, ISO content, typically expressed in natural language, will be converted into a machine-readable format, leveraging structured data to enable easier integration with existing tools.
1 Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience.
2 Open Assistance for Reporting on Information system Audits with Normative Assessment.
3 Cloud Services-Governance, Risk management, Audit, and Monitoring.