Could you use a Mother of All Control Lists (MOACL)?
With the multitude of different compliance efforts an organization could be subjected to, it is not uncommon to hear confusion about what may or may not apply. What compliance regulations does the organization fall under? What must the organization do to meet a specific compliance effort without conflicting with a separate one? How can the organization know it is meeting required compliance controls? Can anything be done to reduce the amount of work needed to meet these objectives? The answers lie in the details of the many controls of each of these efforts and in the ability of technology practitioners to find commonalities that will reduce redundant testing. By reviewing each of the compliance frameworks, technologists can define a set of generic controls such that when a control is met for one objective, it can also meet objectives in other compliance frameworks. The Mother of All Control Lists (MOACL) will be a one-to-many relationship between a general control and varying compliance controls.
The current version of the MOACL is being updated for several new compliance directives such as GDPR. Please check back for the new posting that can be found here.