Best practices and example usage
The Jira Service Management (JSM) receptor allows you to attach JSM issues as evidence to controls you select. The issues are determined by a JSM Queue. To get JSM issues evidence onto a control, simply create a queue in JSM to select the issues that are relevant and then map the queue to the controls.
Best Practices
- Streamlined Queues:
- Relevant: select JSM issues that are relevant to the particular control you want to link it to. Adding unnecessary JSM issues to a control will make interacting with it, evaluating it, etc., slower.
- Time bound: consider limiting the JSM to the relevant time of a given audit. E.g., no need to return all JSM issues, when just getting issues since the beginning of an audit will do.
- Use labels, projects, components or other fields to organize JSM issues. This makes it easier to retrieve the relevant JSM issues for controls by limiting the filter to just a given value on the given field.
Example Scenario
For example, take a control for user access requests:
IAM02 User Access Authorized by Management
Access rights are properly assigned and approved by management based on job title and responsibilities.
It needs a list of user access request issues as evidence. These could be tracked as issues in JSM. To provide evidence for the control, simply create a queue that selects the issues in JSM and associate it with the IAM02 control in the Trustero JSM Receptor.
1. Create a Queue
-
- On the left navigation bar select Queues
- Select Queue Settings
- Click Create Queue button
2. Configure the Queue with the desired filters and tags to identify the issues to be imported as evidence
3. Map control(s) to queue(s) - JSM receptor config with IAM02 mapped to queue created
4. Evidence is automatically added to the control(s)
