Authority Mapping with Hailey

The 6clicks Mapper is designed to allow users to map similar Provisions from different Authorities to each other for reporting purposes.

Contents:

Accessing Authority Mapping

The 6clicks Application can be powered by Hailey AI, our risk and compliance artificial intelligence engine so that you can automatically map similar Provisions at a click of a button. 

To use Hailey for Authority mapping, first head to the Compliance module.

The next step is to select the Source Authority. This is the Authority document that you will use to map to Target Authorities.

The Source to Target relationship is one-to-many, meaning you can map one Source Authority to many Target Authorities. 

Clicking on the Authority will take you to the Provisions page of that Authority. Click on the Mappings tab to be taken to the Mapper.

The Mappings tab displays two sub-tabs:

  1. All - shows all Source Provisions and their associated mappings
  2. Matched - shows all Source Provisions that are mapped to Target Provisions

Running Authority Mapping with Hailey

To run your first mapping, click the Map Provisions button on the top right.

The Select Target Authorities modal will appear, from which you can select your Target Authorities.

Note - there are two Authority lists:

  1. Hailey - this contains all Authority documents that can be used for automated Hailey mapping
  2. Manual - this contains Authority documents that can be used for manual mapping (see here)

In this article we will be using Hailey, so select a Target Authority document (or multiple documents) from the Hailey list, then click Ok.

If the mapping has previously been done, then the modal will display how many Provision matches between the Source and Target Authorities have been found.

Reviewing Authority Mappings

To view these matches, click View Results.

If the mapping has not been previously done in the 6clicks system, the modal will inform you that the scan is in progress. 

You will be notified via notification and email once the scan is complete.

Click on the notification.

You will be taken to the Mapper with the Scan Completed modal being displayed.

Click View Results.

The Mappings tab will then be updated to display:

  1. Provision Comparison section - displays Source and Target Provisions for comparison
  2. 4 sub-tabs:
    1. All - shows all Source Provisions and their associated mappings
    2. Matched - shows all Source Provisions and Target Provisions that are Matched
    3. In Both but Different - shows all Source Provisions that are similar but not Matched
    4. In Source Only - shows all Source Provisions that are unique

Matched Tab

When running a Hailey mapping, the Matched tab shows all Source and Target Provisions that Hailey considers to be a Match.

A Match is defined as 80% similar or over as determined by our Hailey Provision-to-Provision Mapping Algorithm. 

In this example, where we are mapping ISO/IEC 270091:2012 Annex A (or Source Authority) to NIST Cyber Security Framework (our Target Authority) you can see that there are 20 Source Provisions that are Matched to Target Provisions.

Looking at the list of Provisions in the Matched tab, you can explore the mappings by selecting a Source Provision and cycling through the Matched target Provisions.

Click on the Source Provision (1) you want to view. You will see that the Matched Target Provisions (2) will appear in children rows below that Source Provision. 

There are a number of key attributes to note:

  1. The number of Target Provisions matched to a Source Provision is shown in the Target Provisions column
  2. A Matched Target Provision is signified by a single dot
  3. A % Similarity is also given, which is a rating applied by Hailey
  4. The unlink button is available to remove the Match that Hailey generated

The Provision Comparison section allows you to view the details of the Source and Target Authorities respectively.

The Provision Comparison section allows you to:

  1. Cycle through Source Provisions 
  2. Cycle through Target Provisions
  3. Remove the Source and Target Provision matching
  4. View more Details

Clicking the on the view more will display the Provisions in detail. 

Here you can also cycle through the Source (1) and Target Provisions (2), as well as remove Matchings (3).

In Both but Different tab

The In Both but Different tab displays all Source and Target provision that have a % similar rating between 0.5% and 0.85%.

Hailey does not consider these as an exact Match. You can view and navigate through all similar Source and Target provisions as per the Matched tab. 

You'll note that the Source and Target Provisions that are deemed similar but not matched in the In Both but Different tab are identified by having two dots (1). If you want to Match a Source and Target Provision, you can use the Match source and target Provisions button. 

Clicking this button will move the Source and Target Provision relationship from In Both but Different to Matched in the Matched tab.

In the below example you can see that clicking the link button will change it's status to Matched. These Provisions will now appear in the Matched tab as well.

You can revert the Match by clicking the Unmatch target Provision from Source Provision buttons.

In Source Only Tab

The In Source Only tab shows all the Source Provisions that have no % similarity to the Target Provisions over 50%.

You'll note that these Provisions have two circles, one coloured and the other greyed out. 

All Tab

The All tab will now be updated to show all the relationships as per all the Hailey mappings that have been run, including Matched, In Both but Different and In Source Only.

You can also search Source Provisions by using the search bar at the top of the Mappings screen. This search bar refines the Target Provisions shown across all four tabs.

Lastly, you can remove the Target Authority from the mapper by clicking the x that appears when you hover over the Target Authority.

Once this is done, the In Both but Different and In Source Only tabs will be removed and will be left with the All and Matched tabs.

As you run more mappings, across different Target Authorities. All Matched relationships will be saved and displayed in the All and Matched tabs, even when not running a mapping.

To learn about manual mapping, head here.

To learn about Authority reporting using these mappings, head here.