CSC Guide

How to Use the CTAaaS Spreadsheet Client

 

The CTAaaS Spreadsheet Client (CSC) is the user-interfacing tool that performs the CTAaaS analysis on a given system.  The requirements to use this tool are as follows: 

  • The system being assessed must have been assigned NIST SP 800-53 (Rev 4) security controls.  Meaning, it has gone through the Risk Management Framework (RMF) “security control categorization” and “security control tailoring” processes and has an established security control baseline. 
  • The compliance status of the applicable system’s security controls must have been assessed and the results must be documented (whether compliant or non-compliant). 

Running the CTAaaS Analysis on a System: 

  1. Upload the Security Control Assessment via the “Upload Controls” Tab of the CSC 

    1. If the results are documented in a spreadsheet, then follow the instructions in the CSC to copy and paste the security controls and their compliance status

      1. Note: If the results are documented in a cybersecurity control compliance tool such as eMASS, Xacta, etc., then the results must be exported to a spreadsheet first.

    2. If the results are documented in a non-spreadsheet format (.doc, .pdf, etc.), the results can be entered into the CSC’s “Upload Controls” tab manually by

      1. Highlighting each of the control’s titles (e.g. AC-3) and copying them into the “Upload Controls” tab

      2. Selecting the proper compliance status for each control (e.g. “compliant” or “non-compliant”)

  2. Run the Analysis

    1. After uploading the control status, go to the “Data” tab of the CSC

    2. Click on the “Refresh All” button

  3. View the Results

    1. The CSC will run the analysis and produce the resulting reports, which can be found in the colored tabs of the CSC

 


Training Videos

Below are 2 videos that help explain how to use the CSC.

1) An Overview of the CSC Tool

2) A Quick Start Demo to Upload New Security Controls


Troubleshooting the CSC

Run into some problems?  Try the following yourself before reaching out.

*Under Construction*


Frequently Asked Questions

There will be an FAQ here


Still Having Trouble?

Request Technical Support