Capabilities Inventory and Attributes - Compliance and Regulatory Attributes for the Capabilities Inventory
Capabilities Inventory and Attributes
Chapter 27. Compliance and Regulatory Attributes for the Capabilities Inventory
Compliance and Regulatory attributes capture the regulatory obligations that apply to this Capability, the current compliance status, and audit history.
| Attribute Name | Maturity | Description and Notes |
|---|---|---|
| Regulatory Obligations [Multi-Value] | Walk | Description — The specific regulatory requirements, laws, or compliance frameworks that apply to the performance of this Capability. Benefit(s) — Connects the capability map to the regulatory compliance landscape. Source — Manual Examples — SOX Section 404; GDPR Article 17; PCI-DSS Requirement 6; HIPAA Security Rule Notes — Separate multiple obligations with semicolons. |
| Compliance Status | Walk | Description — The current compliance status of this Capability with respect to its applicable regulatory obligations. Benefit(s) — Enables a compliance dashboard at the capability level. Source — Manual Examples — Compliant, Partially Compliant, Non-Compliant, Under Assessment Notes — Valid values: Compliant, Partially Compliant, Non-Compliant, Under Assessment. |
| Last Compliance Audit Date | Walk | Description — The date on which this Capability’s compliance posture was most recently audited under its applicable regulatory framework. Benefit(s) — Supports the compliance dashboard with an audit trail. Surfaces Capabilities whose audit is overdue. Source — Manual Examples — 2026-02-10, 2025-08-22 Notes — Use Not Applicable when no compliance audit has occurred or the Capability is not subject to formal audit. |
Copyright for the International Foundation for Information Technology (IF4IT): 2008 - Present
Legal Disclaimers