You have chosen to sponsor your bid up to a maximum amount of .
• The following frameworks must be incorporated into the backend system with the current mappings that exist today:
o Health Insurance Portability and Accountability Act (HIPAA)
o Health Information Technology for Economic and Clinical Health (HITECH)
o Payment Card Industry (PCI)
o Cloud Security Alliance (CSA)
o Federal Information Security Management Act (FISMA – NIST SP800-53)
o Generally Accepted Privacy Principles (GAPP)
o ISO/IEC 27001-2005
2. Framework database mapping
• The database and the system should allow for the mapping of each framework to multiple frameworks and vice versa. Each framework should be uniquely identified, have multiple risk areas and multiple criteria associated to each risk area. The criteria should be mapped to criteria in other frameworks to a many to many type of relationship.
• The system should be able to provide the following reports:
o Single Mapped Criteria report – This report should allow the users to select two frameworks and show where the criteria between the two fameworks match.
o Unmapped criteria report – This report should show where the criteria from one framework does not have a match to another frame work.
4. Input capabilities:
• The system should provide the ability to load a framework, the criteria area, and the criteria up to the system.
• The system should provide a manual input screen which will allow them the following:
o The ability to create a new framework
o The ability to add a criteria area
o The ability to add criteria to the criteria area
o The ability to update a criteria area
o The ability to update the criteria
o The ability to remove criteria
• The system should provide a mapping screen and allow a user to do the following:
o Select a framework to map and select a secondary framework to map to
o List all the criteria areas and criteria within the selected frameworks and allow the users to drag a framework criteria and drop it to a match in the other framework. It should allow the user to drag the selected criteria to multiple criteria in the other framework.
o The mapping screen should also allow a user to create a new framework, criteria area, and criteria within the screen and map it to the other framework they selected to map