How to Use the CTAaaS Spreadsheet Client
The CTAaaS Spreadsheet Client (CSC) is the user-interfacing tool that performs the CTAaaS analysis on a given system. The requirements to use this tool are as follows:
- The system being assessed must have been assigned NIST SP 800-53 (Rev 4) security controls. Meaning, it has gone through the Risk Management Framework (RMF) “security control categorization” and “security control tailoring” processes and has an established security control baseline.
- The compliance status of the applicable system’s security controls must have been assessed and the results must be documented (whether compliant or non-compliant).
Running the CTAaaS Analysis on a System:
-
Upload the Security Control Assessment via the “Upload Controls” Tab of the CSC
-
If the results are documented in a spreadsheet, then follow the instructions in the CSC to copy and paste the security controls and their compliance status
-
Note: If the results are documented in a cybersecurity control compliance tool such as eMASS, Xacta, etc., then the results must be exported to a spreadsheet first.
-
-
If the results are documented in a non-spreadsheet format (.doc, .pdf, etc.), the results can be entered into the CSC’s “Upload Controls” tab manually by
-
Highlighting each of the control’s titles (e.g. AC-3) and copying them into the “Upload Controls” tab
-
Selecting the proper compliance status for each control (e.g. “compliant” or “non-compliant”)
-
-
-
Run the Analysis
-
After uploading the control status, go to the “Data” tab of the CSC
-
Click on the “Refresh All” button
-
-
View the Results
-
The CSC will run the analysis and produce the resulting reports, which can be found in the colored tabs of the CSC
-
Training Videos
Below are 2 videos that help explain how to use the CSC.
1) An Overview of the CSC Tool
2) A Quick Start Demo to Upload New Security Controls
Troubleshooting the CSC
Run into some problems? Try the following yourself before reaching out.
*Under Construction*
Frequently Asked Questions
There will be an FAQ here