Building Standards - bapControl Component Builder

By Jeffrey LushSep 3, 2017


The bapFramework is installed by customers to provide an accountable security environment. The framework operates on components, called bapComponents. There are several types of bapComponents that are used within the bapFramework. Some of the bapComponents include bapControls (Security Controls), bapInterview (Interviews to assist a customer through the process), and bapBaselines (A collection of security controls to establish a consistent security environment).The screen you are on will assist you in creating a bapControl, one of the bapComponents. When completed, you will have the option to place the bapComponent on the bapMarketplace for sale to others that own a bapFramework. Alternatively, you can email the component to yourself (for highly secure environments) or to a friend to be used within their bapFramework.Remember that you are creating a bapControl Component for others (or yourself) that will be used within a bapFramework. Have fun!

Find / Create a bapControl

Before you begin to create a new bapControl, let's see if it has already been created. Feel free to use the Search box below to find controls in your bapFramework (if you have one) or on the bapMarketplace (if you have internet access) or both the bapFramework and the bapMarketplace. OR, scroll through the controls we have discovered.If you have discovered the desired control, great. You can select the icon to the right of the control name for a preview, double click to edit the file if it resides within your bapFramework, or if the control is discovered in the bapMarketplace, you can proceed to purchase the control. If none of these options work for you, no problem… select the create button to create a new bapControl.

bapControl Component Builder

Alright, you have selected to create a new bapControl. Let's walk through the process.Name the Control: Every control will need a name. Typically the control is named specific to a standard, for example, if you are using ISO 17799 11.1.1, you may name the control ISO 17799 11.1.1, or the same control for NIST may be AC-1, or PCI DSS v2 using PCI 12.3.2. Whatever you choose. Will work. There may be duplicate names and that is alright. This is a marketplace… so quality and price matter. Weight the Control: The weight of the control is the impact that the control will have in your environment. For example: If the control talks about data encryption of large data sets, although your "service" (the IT service you are providing like email or accounting) stores no data, you would most likely give the control a weight of 1, as a data encryption control is not as important to the security of your service. On the flip side, if the "service" you are providing has large data sets, and the control talks about data encryption, you may set the control weight to 9 or 10. You will be able to adjust the weight of the controls when you create baselines, so be confident that your weight is good for now. Control Language: The control language is the requirements for security. Many customers use NIST to build their security controls. Look at a few of the controls within the bapFramework and bapMarketplace to get a better idea.