This recipe provides advice and examples on how to read an authority document and extract the requirements it contains. It also provides examples of how to translate those requirements into controls.
Obtain the authority documents that you want to focus on. Most of them are available on the Internet.
Work through the previous recipes, "Planning the scope of a compliance program" and "Understanding possible controls for compliance".
The key is to understand the authority documents. The first step is to extract the required control objectives or the goal(s) and, based on the required evidence or activities, to define the control activities. After identifying ...