# Assessment & Data Import File

The data you collect and input into the Excel data import file serves as the foundation for&#x20;your CIS Critical Security Controls assessment in PowerBI.&#x20;

The Excel data import file will serve as the data source for the PowerBI dashboard. Ensure that you update the pre-populated demo data in the *Policy Defined, Control&#x20;Implemented, Control Automated or Technically Enforced, Control Reported to Business*, and&#x20;*Target Score* columns based on your actual assessment before importing the data into&#x20;PowerBI.

The&#x20;Excel sheet has the following columns, some of which are pre-populated:

| Column                                    | Description                                                 | Type                          |
| ----------------------------------------- | ----------------------------------------------------------- | ----------------------------- |
| Control Number                            | The number of the CIS Control                               | Pre-populated (Do not change) |
| Control Name                              | The name of the CIS Control                                 | Pre-populated (Do not change) |
| ID                                        | The ID of the safeguard                                     | Pre-populated (Do not change) |
| CIS Control Detail                        | The detail of the safeguard                                 | Pre-populated (Do not change) |
| Implementation Group                      | The lowest implementation group of the safeguard            | Pre-populated (Do not change) |
| Policy Defined                            | Assessed policy compliance status                           | Single-select                 |
| Control Implemented                       | Assessed implementation status                              | Single-select                 |
| Control Automated or Technically Enforced | Assessed automation and enforcement status                  | Single-select                 |
| Control Reported to Business              | Assessed control reporting status                           | Single-select                 |
| Target Score                              | Target score for the safeguard                              | Numeric (0-4)                 |
| In-scope                                  | Whether or not the safeguard is in scope for the assessment | Yes/No                        |

## Scoring

The assessment's scoring is based on the selected values for *Policy Defined, Control Implemented, Control Automated or Technically Enforced,* and *Control Reported to Business.*

### Policy Defined

Pre-populated with demo data, this column is where you'll indicate the&#x20;assessed policy compliance status for the associated sub-control. Each status maps to a 0-4&#x20;numeric score for that category.&#x20;

**Choose from the following single-select options:**

* Approved Written Policy (4)
* Written Policy (3)
* Partial Written Policy (2)
* Informal Policy (1)
* No Policy (0)

### Control Implemented

Pre-populated with demo data, this column is where you'll indicate&#x20;the implementation status for the associated safeguard. Each status maps to a 0-4&#x20;numeric score for that category.&#x20;

**Choose from the following single-select options:**&#x20;

* Implemented on All Systems (4)
* Implemented on Most Systems (3)
* Implemented on Some Systems (2)
* Parts of Policy Implemented (1)
* Not Implemented (0)

### Control Automated or Technically Enforced

Pre-populated with demo data, this column&#x20;is where you'll indicate if the safeguard is enforced technically or otherwise automated.&#x20;Each status maps to a 0-4 numeric score for that category.&#x20;

**Choose from the following&#x20;single-select options:**

* Automated on All Systems (4)
* Automated on Most Systems (3)
* Automated on Some Systems (2)
* Parts of Policy Automated (1)
* Not Automated (0)

Some safeguards cannot be automated or technically enforced. These controls have been\
marked as “Not Applicable” and should not be changed.

### Control Reported to Business

Pre-populated with demo data, this column is where you'll&#x20;indicate if the safeguard is reported back to the business. Each status maps to a 0-4&#x20;numeric score for that category.&#x20;

**Choose from the following single-select options:**

* Reported on All Systems (4)
* Reported on Most Systems (3)
* Reported on Some Systems (2)
* Parts of Policy Reported (1)
* Not Reported (0)

Some safeguards cannot be automated or technically enforced. These controls have been\
marked as “Not Applicable” and should not be changed.

### Target Score

Pre-populated with demo data, this is a numeric field where you can set the&#x20;target score for that safeguard on a 0-4 scale. This will be used to compare the assessed&#x20;score for each sub-control against what the organization is looking to achieve.

### Importing the Data into PowerBI

After filing out the Excel sheet:

1. Save the Excel file in a location you can easily access
2. Open the PowerBI template
3. When prompted, enter the full filepath to the saved Excel file
4. Your PowerBI dashboard will automatically populate based on the data


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.securemetrics.io/assessment-and-data-import-file.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.