Uploading and Managing Evidence for your System Package

From the system package dashboard, you can click the Documentation menu and choose Evidence Listing to show all evidence uploaded for your system package. From here you can tag, edit, view, or download your evidence as well as bulk tag the records. Click the green + icon to show additional data such as last updated date, file size, and file name uploaded.

You can click on any referenced POAM, Compliance Statement, or Checklist Vulnerability to go to that specific record and click the green + icon to expand the details to view evidence for that record.

To view evidence in the particular areas for Checklist Vulnerability, Compliance Statement, or POAM record click the green + icon and the details will show like the example vulnerability listing below. Click the linked title to download the file. And if you have editing rights on that record or area, you can click the red X to delete the evidence as well.

Types of Evidence

There are four main types of evidence:

• General evidence relate to general files tied to the system package overall or in several places, not just a specific Checklist Vulnerability or POAM item or Compliance Statement
• Checklist Vulnerability evidence relates to a specific checklist vulnerability Id
• POAM evidence relates to a specific POAM record entry
• Compliance Statement evidence relates to a particular compliance statement tied to a CCI

You can upload several types of files for each of these types of evidence. General evidence upload can use up to 20 files at a time. The other types are tied to an individual item and must be done 1 at a time. More information on this process is below.

Types of files allowed up to 200 MB per file:

• .docx
• .pptx
• .vsdx
• .xlsx
• .txt
• .rtf
• .csv
• .pdf
• .png
• .gif
• .jpg
• .jpeg
• .xml
• .nessus
• .ckl
• .zip
• .json

Uploading General Evidence

If you have a general file to add as evidence you can click the Upload Evidence item from the Documentation menu on the system package dashboard. The familiar upload drag-n-drop area is presented to upload up to 20 files at a time. The filename will be used for the title and a general description is filled in as well. You can edit the evidence from the listing page once uploaded.

You must be a System Owner for the system package to upload, edit, tag or delete general evidence.

Uploading POAM Evidence

To upload any evidence for a POAM record, go to the POAM listing and click the ... menu on the far right of the POAM record listing. Click the Add Evidence menu option and you are presented with a window to enter a title, description, and select 1 file at a time. Fill in the information and click the Upload button to save this evidence. To add more evidence repeat these steps for each file.

The evidence is shown when you click the green + icon for the POAM record near the bottom of the details. From there you can click the title to download it or click the red X to remove it.

You must be a System Owner or POAM Editor for the system package to upload POAM evidence.

Uploading Checklist Vulnerability Evidence

To upload any evidence for a Checklist Vulnerability record, go to the checklist and click on the Vulnerability record, making sure it is not locked.

Click the Evidence button and you are presented with a window to enter a title, description, and select 1 file at a time. Fill in the information and click the Upload button to save this evidence. To add more evidence repeat these steps for each file. The evidence is shown when you click the green + icon for the checklist vulnerability record near the bottom of the details. From there you can click the title to download it or click the red X to remove it.

You must be a System Owner, Checklist Creator, or Checklist Editor for the system package to upload Checklist Vulnerability evidence. This also can be done at the Team Subpackage area with similar Checklist Creator or Checklist Editor privileges at that level.

Uploading Compliance Statement Evidence

To upload any evidence for a Compliance record, go to the Compliance Statement listing and click the ... menu on the far right of the statement record. Click the Add Evidence menu option and you are presented with a window to enter a title, description, and select 1 file at a time. Fill in the information and click the Upload button to save this evidence. To add more evidence repeat these steps for each file.

The evidence is shown when you click the green + icon for the compliance statement record near the bottom of the details. From there you can click the title to download it or click the red X to remove it.

You must be a System Owner for the system package to upload Compliance evidence.

Editing Evidence Records

If you wish to edit the title, description, or tag of an individual evidence record click the ... menu to the right of that listing and click the Edit option. A window appears allowing you to edit that information and then click the Save button. Note that only System Owners of the system package are allowed to edit records from this screen.

Downloading Evidence

If you wish to download the file for evidence, click the ... menu to the right of evidence listing and choose Download. The file will be downloaded for you in the proper format for use.

Deleting Evidence

If you wish to delete an individual evidence record click the ... menu to the right of the record and choose the Delete option. Verify the deletion by clicking OK and the record and associated file are deleted from your system package.

Bulk Operations on Evidence

You can perform bulk download, delete, or editing tags from the evidence listing page as well. Click the checkbox next to the listing and then select an option from the bulk items dropdown.

If you choose to download, all files selected are downloaded in one larger ZIP file for your use.

---