Skip to main content

Framework View

Katie
Updated

Framework View provides the predictive and attested assessment results in addition to mapping this data to industry-accepted frameworks, threat profiles, and MITRE ATT&CK scenarios. It supports your organization in evaluating a company's risk through a "lens" that is meaningful to your business and its needs. 

Table of Contents

Framework View Blended Attested Assessment Data

If available, you can map to either predictive or attested data. Attested data consists of a blend of the attested control data available to you per a total sum of all requests and approvals on a given third party. Where attested control data is lacking, predictive data is supplemented to create a complete mapping data set.

If you have attested data available for each control included in the selected mapped framework, you would expect to see each framework control mapped to attested controls data. Alternatively, if the selected mapped framework consists of only those controls you do not have attested data available for, you can expect to see predictive controls data used for the entire mapped dataset. 

Additionally, if a third party has approved your assessment request but has not yet completed all of the included questions, you will gain immediate access to their results as soon as they submit them at any stage throughout the process. 

 

How to Use - Mapping to a Third Party's Assessment

  1. Navigate to a third party's company profile page by clicking into the “Third Party Portfolio” icon Screenshot 2025-03-03 at 10.42.36 AM.png on the left side menu.

  2. Review the requests/share table for your third party's name. If you don't see it on the first page, use the search bar to look up their name in the requests/share table.

    Screenshot 2025-03-31 at 4.52.13 PM.png

  3. Click on their name to view their profile page and select the Risk Profile tab to access Risk Navigator. 

    Screenshot 2025-03-31 at 4.49.47 PM.png
  4. From the drop-down, select a framework to map to. You may also search by keyword in this space. It is organized by the available mapping groups (ie Frameworks, Industry standards, Threat Profiles, etc.).

    Note: By default it will automatically map to the ProcessUnity assessment framework organized by NIST Risk Domains found in our current assessment model. If interested in viewing the results through the lens of the old assessment model, this is the recommended framework, ProcessUnity Cyber Risk Questionnaire: Legacy.

    Screenshot 2025-02-05 at 3.06.43 PM.png
     
  5. How do I choose to map to predictive or blended attested assessment data?
    • By default, if you do not yet have attested data access you can only map to their predictive assessment. It will automatically check the 'Predictive Data Only' box. 
    • If the company does have attested data available per your request(s), then by default, it will map to all the attested controls available.
      • If you want to map to predictive data alternatively, select the 'Predictive Data Only' box. 
    • Framework View is not available if you do not have either a predictive or an attested assessment available to map to. 
  6. Once you have selected a framework, the table will populate with the mapping results.
  7. You may download the data in the form of a PDF, an excel, or a CSV:
    • By default, selecting "Download (PDF)" will initiate a PDF report generated using the selected mapped framework. This Cyber Risk Analysis Report provides Third-Party risk data in a consumable, formal downloadable report that contains summary-level information to provide a quick overview of a given company’s risk posture. 
    • To download an excel file, select the drop down next to the download button, then select "Download (XLSX)".  Select the download button, and it will download an Excel file onto your device containing the mapping contents and additional data not found on this table. The Excel file contains summary risk data, framework control data, and a list of helpful definitions for the terms and data found throughout.
    • Select the 'Export' button, and it will download a CSV file onto your device containing the mapping contents. 
       

To learn more about the PDF report and excel export, refer to this article.

Screenshot 2025-02-07 at 11.31.51 AM.png

 

How to Use - Mapping to your own company's assessment

Upon sharing your assessment in response to a Customer request for a questionnaire, Framework View allows the recipient to translate the assessment to several industry frameworks such as GDPR, CCPA, NIST 800/CSF, HIPAA, etc. This means customers are more likely to accept an assessment that conveniently fits their accustomed frameworks. Customers are also able to map to your predictive assessment at any time. 

  1.  Navigate to the Framework View tab of your Company Profile Page by selecting your initials in the top right corner of the platform, then selecting 'Manage my company profile'.

    Note: You may also navigate to this page from within the Results tab of the Assessment Dashboard through the provided link.
     

  2. From the drop-down, select a framework to map to. You may also search by keyword in this space. It is organized by the available mapping groups (ie Frameworks, Industry standards, Threat Profiles, etc.).

    Note: By default it will automatically map to the ProcessUnity assessment framework organized by NIST Risk Domains found in our current assessment model. If interested in viewing the results through the lens of the old assessment model, this is the recommended framework, ProcessUnity Cyber Risk Questionnaire: Legacy.


    Screenshot 2025-12-03 at 10.21.13 AM.png

  3. How do I choose to map to predictive or attested assessment data?
    • By default, if you do not yet have attested data you can only map to their predictive assessment. It will automatically check the 'Predictive Data Only' box. In order to generate attested data you must submit your assessment answers. 
    • If you do have attested data available, then by default, it will map to all the attested controls available.
      • If you want to map to predictive data alternatively, select the 'Predictive Data Only' box. 
    • Risk Navigator is not available if you do not have either a predictive or an attested assessment available to map to.  
  4. Once you have selected a framework, the table will populate with the mapping results.
  5. You may download the data in the form of a PDF, an excel, or a CSV:
    • By default selecting "Download (PDF)" it will initiate a PDF report to be generated through the lens of the selected mapped framework. This Cyber Risk Analysis Report provides Third Party risk data in a consumable, formal downloadable report that contains summary level information for the purposes of providing a quick overview of a given company’s risk posture. 
    • To download an excel file, select the drop down next to the download button, then select "Download (XLSX)".  Select the download button, and it will download an Excel file onto your device containing the mapping contents and additional data not found on this table. The Excel file contains summary risk data, framework control data, and a list of helpful definitions for the terms and data found throughout.
    • Select the 'Export' button, and it will download a CSV file onto your device containing the mapping contents. 

To learn more about the PDF report and excel export, refer to this article

Screenshot 2025-02-07 at 11.31.51 AM.png

 

Recently Added Frameworks

The Framework View tool has 60+ different industry standard frameworks. Here are a few of our newest additions.

Recently Added and Updated

  • FedRAMP
  • SIG v2025
  • Cloud Security Alliance CCM
  • CAIQ v4.x
  • UK Cyber Essentials

Explore the Framework List to see what else is offered!

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles