Framework Coverage

Overview

The Framework Coverage Explorer is a powerful visual tool designed to bridge the gap between regulatory requirements and technical evidence. It allows your organization to map internal monitoring capabilities (Dashboards and KPIs) directly to industry-standard compliance frameworks like NIST CSF, PCI-DSS, and CIS Controls.

With this explorer, compliance leads and auditors can:
- Visualize Coverage: Instantly see which regulatory controls are actively monitored (supporting evidence) and which are "blind spots."
- Navigate Frameworks: Explore the complex hierarchy of categories and subcategories within major frameworks.
- Access Evidence: Jump directly from a framework requirement to the live dashboard providing the evidence.
- Drive Remediation: Identify coverage gaps to prioritize the creation of new monitoring dashboards.

Getting Started

To access the Framework Coverage Explorer, navigate to Knowledge Base > Framework Coverage in the sidebar or go to:
/compliance/framework-coverage

1. Framework Navigation

The platform supports multiple industry frameworks, each organized by its native hierarchy.

• Framework Tabs: At the top of the page, switch between active frameworks (e.g., NIST CSF v2.0, PCI-DSS v4.0.1, CIS CSC v8.1).
• Metadata: Each tab displays the framework name and its specific version, ensuring you are documenting against the correct regulatory standard.

2. Controls & Monitoring Coverage

The left panel displays the Control Tree, representing the full structure of the selected framework.

Exploring the Hierarchy:

• Nested Categories: Click the chevron icons to expand/collapse categories (e.g., NIST "Identify" -> "Risk Assessment").
• Search & Filter:
• Use the search bar to find specific control IDs (like PR.AT-01) or keywords (like vulnerability).
• Show only controls with monitoring coverage: Toggle this checkbox to hide any controls that do not currently have a mapped dashboard. This is the fastest way to see your "active" compliance footprint.

Understanding Coverage Signals:

• Highlighting: Controls that are actively monitored are visually distinguished.
• Coverage Metadata: The interface indicates whether a control is supported by automated signals or requires manual external processes.

3. Dashboard Evidence Panel

When you select a control in the tree, the Dashboard Panel on the right populates with the associated evidence.

• Mapped Dashboards: Displays a list of all dashboards providing data for the selected control.
• KPI Previews: See a real-time snapshot of the primary KPI status (e.g., "Vulnerability Compliance: 94%") directly within the panel.
• One-Click Jump: Click on any dashboard card to navigate directly to the full interactive Tableau dashboard for deep-dive analysis.

4. Auditor Readiness & Gap Analysis

This explorer is specifically designed to facilitate conversations with auditors.

For Internal Audits:

• Gap Identification: By unchecking "Show only controls with monitoring coverage," you can identify regulatory requirements that currently lack automated evidence. These represent your "Compliance Gaps."
• Readiness Reviews: Use the explorer to walk through each framework category with control owners to ensure the mapped dashboards accurately represent the control's intent.

During External Audits:

• Evidence Mapping: Instead of searching for spreadsheets, use the explorer to show auditors exactly how a requirement (e.g., PCI Requirement 11.3) is satisfied by a specific, live monitoring signal.
• Transparency: The direct link between framework requirements and technical data sources provides high-integrity supporting evidence of "Compliance by Design."

5. Integration with the Knowledge Base

The Framework Explorer works in tandem with the Control Knowledge Base:
- While the Knowledge Base provides the narrative (Who owns it? What is the policy?), the Framework Explorer provides the structural mapping (How does this satisfy NIST?).