In this article:
Assessment Data Import
Axio360 allows data import for supported assessment models. This allows users to migrate their manual assessment data into Axio360. An assessment import template is available for download from the Axio360 product.
The Target Source drop-down on the New Assessment modal should not be used during initial assessment creation via import workflow. If a target profile is supposed to be applied, create and save the assessment first and afterward apply a Target Profile.
Downloading the Import Template
To download a template:
- In Axio360, navigate to Assessments.
- Select, for example, a New C2M2 v2.1 Assessment.
- On the New Assessment modal, scroll to the AssessmentTemplate download link.
The following models do not support the import option via template:
- C2M2 (previous versions)
- CMMC
- CMMC v2
- CRI
- FFIEC1
- ISO 27001
- RPA (Ransomware)
Data Structure
The template file has 5 data sheets:
- Responses
- Action Items
- Notes
- Links
- Owner Rationale
Each datasheet has a different set of columns to match the model structure on import.
- The names of the data sheets and the column names on each sheet are mandatory and need to match.
- The Practice FQNs are formed based on abbreviated Domain, Category, and Practice references. Those building blocks of the IDs are visible in the Axio360 UI when looking at an assessment. Domains and category names are used to create an abbreviated match.
- Dimensions are identified by lowercase letters, starting with
a
. If a model uses four dimensions,a
,b
,c
, andd
are used. - Dates are in yyyy-mm-dd format. This column should be formatted as a text column to prevent Excel algorithms from changing the data structure.
- Certain columns expect states reflected via TRUE/FALSE value. This column should be formatted as a text column.
Responses Sheet
Columns | Description |
---|---|
Practice FQN | The Practice FQNs make up the first column of each data sheet. These have to match the model reference IDs, which are the Domain, Practice and Control identifiers. For example, DE.AE.1 .Where, - the first two letters identify the domain, such as ID for Identity, DE for Detect, etc. - the second set of letters identify the category, such as AM for Asset Management, SC for Supply Chain Risk Management, etc. - the number identifies the control. |
Practice Name | The actual name of the practice is reflected in the UI title. |
Current Level | Your assessment’s current level of compliance. For a NIST CSF assessment the data to answer are abbreviations for - not implemented = NI ,- partially implemented = PI ,- largely implemented = LI , and- fully implemented = FI . |
Target Level | Your assessment’s target level of compliance. For a NIST CSF assessment, the data to answer are abbreviations for - not implemented = NI ,- partially implemented = PI ,- largely implemented = LI , and- fully implemented = FI . |
Target Date | Your target date for achieving the target level of compliance. |
Company Help Text | Any company-specific help text. |
Dimension | If dimensions are used, for example, in a CIS assessment, they are specified and mapped as - a for Policy Defined- b for Control Implemented- c for Control Automated or Technically Enforced- d for Control Reported to Business |
Action Items Sheet
Columns | Description |
---|---|
Practice FQN | Refer to Practice FQN description for the responses sheet. |
Text | The action item scope/instruction. |
Due Date | Identifies when the action item is due. |
Is Done | Indicates a status of done for that particular action item. This column accepts TRUE or FALSE as entries to reflect is done as TRUE. |
Done Date | Indicates when an action item is complete. |
Assignee | Name or email address of the person assigned to the action item. |
Practice Name | The actual name of the practice is reflected in the UI title. |
Is Linked | Links to artifacts or references. |
Notes Sheet
Columns | Description |
---|---|
Practice FQN | Refer to Practice FQN description for the responses column. |
Text | Plain text. |
Is Internal | This column accepts TRUE or FALSE as entries to reflect is internal as TRUE. |
Author | Name of person entering the note. |
Tags | Tags for the notes as a comma-delimited list. |
Practice Name | The actual name of the practice is reflected in the UI title. |
Links Sheet
Columns | Description |
---|---|
Practice FQN | Refer to Practice FQN description for the responses column. |
Author | Name of person entering the links. |
Location | File path or URL. |
Name | The friendly name for the link display in the UI. |
Owner Rationale | Evidence data. |
Rationale Author | Evidence data. |
Rationale Timestamp | When the evidence was added. |
Evidence Help Text | Any customer-provided help text for the provided evidence. |
Practice Name | The actual name of the practice is reflected in the UI title. |
Owner Rationale Sheet
Columns | Description |
---|---|
Practice FQN | Refer to Practice FQN description for the responses column. |
Author | Name of person entering the rationale. |
Rationale | Plain text. |
Timestamp | Date rational was entered. |
Practice Name | The actual name of the practice as reflected in the UI title. |
Creating an Assessment via Import
- Navigate to Assessments.
- From the bottom of the navigation menu, use the New Assessment option.
- On the new assessment modal, enter a name and description for your assessment.
-
Scroll to the Upload Assessment Answers from Excel section.
- Use the Drag files or click here option to import/select your data source file.
-
Axio360 inspects the data source and provides a list of errors found in the file. Resolve errors before proceeding with the import.
Click Cancel and return to your source file to fix any listed issues.
Repeat the import steps until all errors are resolved or you feel comfortable that you can fix any issues after the import completes.