Record of Processing Activities 
Transfer Impact Assessment 
Privacy Impact Assessment 
Cybersecurity Controls 
Cybersecurity Risk Management 
Interactive Awareness Program Unicis Apps
CSC — Cybersecurity Controls for Jira - Unicis.Tech OÜ Docs
Multi-framework cybersecurity control tracking and GAP analysis app for Atlassian Jira Cloud.
The Cybersecurity Controls (CSC) for Jira is an enterprise-ready solution that provides a comprehensive set of baseline security controls embedded directly in Jira Cloud. It enables organizations to assess, track, and improve their cybersecurity posture using industry-recognized frameworks, while using existing Jira issues as evidence for control implementation.
Demo
Watch the demo video on Vimeo: https://vimeo.com/792355047 (1
minute)Supported Frameworks
| Framework | Description |
|---|---|
| MVSP v1.0 | Minimum Viable Secure Product — baseline B2B security checklist |
| ISO/IEC 27001 & 2022 | Information Security Management System |
| NIST CSF 2.0 | NIST Cybersecurity Framework |
| EU NIS2 Directive | EU Critical Infrastructure Cybersecurity |
| GDPR | General Data Protection Regulation |
| CIS Controls v8.1 | CIS Critical Security Controls |
| SOC 2 | Service Organization Control 2 |
| C5 | Cloud Computing Compliance Controls Catalogue |
| OWASP ASVS | Application Security Verification Standard |
Features
- Assign the CSC app to one or more Jira projects
- Link multiple Jira issues as evidence for each control requirement
- Interactive dashboard with pie chart and radar (maturity) charts
- Filter controls by section, control name, and status
- Multi-project support with a unified dashboard across all assigned projects
Requirements
- Atlassian Jira Cloud (not available for Server or Data Center)
- Requires read, write, manage, and storage access to your Jira account
- All data is stored in your Atlassian Cloud instance — not shared with Unicis
Installation
Install from the Atlassian Marketplace.
Configuration
- Click Apps → Manage your apps
- Under APPS on the side panel, click Cybersecurity Control Settings
- Select your Framework control from the dropdown
- Click Add Project to assign Jira projects
Available action per project:
- Delete — removes the project from CSC
Dashboard
Access the dashboard:
- Jira Software project: Select Cybersecurity Controls Dashboard on the left sidebar
- Jira Business project: Select from Apps → Cybersecurity Control Dashboard in the top menu
Charts
- Pie chart — distribution of control statuses as a proportion of all controls
- Radar chart — security maturity levels per domain, based on ISO/IEC 21827
Controls Table
| Column | Description |
|---|---|
| Code | Framework code, e.g. MVSP-1.1 |
| Section | Domain or section, e.g. Business Controls, Application Design Controls |
| Control | Control name, e.g. Training, Self-assessment |
| Requirements | What must be set up and put into practice |
| Status | Current maturity level (dropdown) |
| Tickets | Linked Jira issues as evidence (dropdown selection from project issues) |
Maturity Levels (ISO/IEC 21827)
Maturity level is based on ISO/IEC 21827
— Systems Security Engineering — Capability Maturity Model:| Status | Meaning |
|---|---|
| Unknown | Has not been checked yet |
| Not Applicable | Management has determined this can be ignored |
| Not Performed | Complete lack of recognizable policy, procedure, or control |
| Performed Informally | Development barely started; requires significant work |
| Planned | Progressing but not yet complete |
| Well Defined | Mostly complete; detail lacking or not yet actively enforced by management |
| Quantitatively Controlled | Complete; implemented and recently started operating |
| Continuously Improving | Fully satisfied; actively monitored with substantial auditor evidence |
Add a Control from a Jira Issue
- Open a Jira issue
- Click the CSC logo icon in the issue panel menu
- Select a control from the dropdown in the format:
CODE: Section, Control name- Example:
MVSP-1.5: Business controls, Training
- Example:
- Click + Add Control to add more controls to the same issue
- Click the trash icon next to a specific control to remove it individually
Activity / Audit Log
Access logs by opening the Jira ticket → Activity → Activity logs of CSC.
Log format examples:
[Author] created the Cybersecurity Controls 1/5/2023 3:29:09 PM
[Author] changed the control M/DD/YYYY H:MM AM/PM
MVSP-1.1, Business controls, Vulnerability reports → MVSP-1.3, Business controls, Self-assessmentLogged events: Initial, Created, Added, Removed, Changed
Pricing
See the Atlassian Apps pricing page.
Permissions
CSC performs the following actions on behalf of the user:
- Read and write to app storage (App Storage scope)
- Create and manage Jira issues
- Create and edit issues in Jira, post comments, create worklogs, and delete issues
- Manage project settings and create project-level objects (versions, components)
- View active user profile
- View Jira project and issue data
Technical Details
Built on Atlassian Forge UI Kit components using:
ProjectPageIssuePanelIssueActivityAdminPage
Required OAuth scopes:
read:jira-work
write:jira-work
manage:jira-project
storage:app