Cybersecurity Management System (CSC) - Unicis.Tech OÜ Docs

Manage cybersecurity controls and GAP analysis across multiple frameworks in Unicis Platform.

The Cybersecurity Management System (CSC) module provides a comprehensive set of baseline security controls to safeguard against cyber threats. It supports multiple compliance frameworks, enabling organizations to assess their security posture, track control implementation, and perform GAP analysis.

Supported Frameworks

Framework availability by subscription plan:

| Framework | Plan |
|---|---|
| MVSP v1.0 (Minimum Viable Secure Product) | Community (default) |
| GDPR | Community |
| ISO/IEC 27001 | Premium |
| EU NIS2 Directive | Premium |
| CIS Critical Security Controls v8.1 | Premium |
| C5 (Cloud Computing Compliance Controls Catalogue) | Premium |
| SOC 2 | Ultimate |
| NIST CSF 2.0 | Ultimate |

Multi-framework selection by plan:

  • Community — access to one cybersecurity framework
  • Premium — select and manage up to three frameworks simultaneously
  • Ultimate — access to all frameworks with full multi-framework integration and cross-mapping support

Dashboard

The CSC dashboard is divided into two sections.

Charts

  1. Pie chart — distribution of control statuses as a proportion of all controls
  2. Radar chart — security maturity levels per domain, based on ISO/IEC 21827 methodology

Controls Table

| Column | Description |
|---|---|
| Code | Framework code, e.g. MVSP-1.1 |
| Section | Domain or section, e.g. Business Controls, Application Design Controls |
| Control | Control name, e.g. Training, Self-assessment |
| Requirements | What must be set up and put into practice |
| Status | Current maturity level (dropdown) |
| Tasks | Linked tasks/evidence (dropdown selection from team tasks) |

Frameworks

Minimum Viable Secure Product (MVSP)

MVSP v1.0 is a minimal security checklist for B2B software and business process outsourcing suppliers. Created with simplicity in mind, it only includes measures that must be in place to guarantee a product has a minimally feasible security posture. All businesses creating B2B software or managing sensitive data should implement these controls at a minimum.

GDPR (General Data Protection Regulation)

The GDPR is the EU legal framework for protecting personal data of individuals. It applies to all organizations processing personal data of EU residents. The Unicis CSC application provides a mapped set of GDPR requirements and implementation guidance, focusing on practical steps for data minimization, accountability, and privacy by design.

ISO/IEC 27001

ISO/IEC 27001 is an Information Security Management System (ISMS) standard protecting the confidentiality, integrity, and availability of data. The Unicis CSC application provides ISO/IEC 27001 revision controls, updated in 2013 and most recently in 2022.

Controls can be filtered by section using Choose a section, by status using Choose a status, and by page count (5, 10, 25, 50, 100).

EU NIS2 Directive

NIS2 is the EU’s latest cybersecurity legislation aimed at enhancing security across critical infrastructure sectors and digital service providers. It introduces risk management measures, incident reporting obligations, and board-level accountability for a wider range of organizations including energy, transport, health, digital infrastructure, and public administration.

CIS Controls v8.1

CIS v8.1 is a prioritized and actionable set of 18 cybersecurity best practices covering asset inventory, access control, vulnerability management, secure configuration, and incident response. It is continuously updated by experts to reflect evolving threats.

C5 (Cloud Computing Compliance Controls Catalogue)

The C5 Framework, developed by the German Federal Office for Information Security (BSI), provides a standardized approach for assessing cloud service provider security. It defines controls across key domains including data protection, service availability, incident management, and regulatory compliance — especially relevant for organizations relying on cloud services.

NIST CSF 2.0

The NIST CSF 2.0 is a voluntary framework from the National Institute of Standards and Technology designed to help organizations protect their information systems. It provides a structured approach to evaluating cybersecurity risk, identifying areas for improvement, and managing cybersecurity programs aligned with business objectives.

SOC 2 (Service Organization Control 2)

The SOC 2 framework, developed by the AICPA, focuses on managing customer data based on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy. The Unicis CSC application provides mapped SOC 2 controls aligned with the Trust Services Criteria.

Maturity Levels (ISO/IEC 21827)

Maturity level is based on ISO/IEC 21827 — Systems Security Engineering — Capability Maturity Model:

| Status | Meaning |
|---|---|
| Unknown | Has not been checked yet |
| Not Applicable | Management has determined this can be ignored |
| Not Performed | Complete lack of recognizable policy, procedure, or control |
| Performed Informally | Development barely started; requires significant work |
| Planned | Progressing but not yet complete |
| Well Defined | Mostly complete; detail lacking or not yet enforced by management |
| Quantitatively Controlled | Complete; implemented and recently started operating |
| Continuously Improving | Fully satisfied; actively monitored with substantial auditor evidence |

Add a Control to a Task

From a task in edit mode, open the Cybersecurity Controls tab:

  1. Select a control from the dropdown (format: CODE: Section, Control name, e.g. MVSP-1.5: Business controls, Training)
  2. Set the Status
  3. Read the control requirements
  4. Add additional controls with + Add Control
  5. Remove a specific control with the Remove button next to it

Delete

Controls associated with a task can be deleted individually by clicking Remove next to the specific control, or all controls can be cleared by deleting the associated task.

Activity Logs

Access audit logs by opening the associated task and navigating to Audit Logs → Cybersecurity Audit Logs.

Logged events:

  • Created
  • Updated
  • Deleted