Skip to content

Variable Implementation Summary

This document summarizes the additional variables that were added to the policy templates to replace hardcoded values.

What Was Added

1. Variable Registry Updates

Added three new sections to variable-registry.md:

  • Time-Based Operational Variables (13 new variables)
  • Numeric Thresholds (5 new variables)
  • Reporting & Review Cycles (4 new variables)
  • Recommended Values by Organization Profile (guidance for different org sizes)

2. Policy Templates Updated

The following policy templates were updated to use the new variables:

Data Backup and Recovery Policy

  • {{backup_frequency}} - replaced "daily"
  • {{backup_test_frequency}} - replaced "at least annually"
  • {{recovery_test_frequency}} - replaced "at least annually"
  • {{incident_review_frequency}} - replaced "regularly"
  • {{default_policy_review}} - replaced "at least annually"
  • {{board_reporting_cycle}} - replaced "Quarterly"

Essential Eight Implementation Policy

  • {{backup_frequency}} - replaced "daily"
  • {{backup_test_frequency}} - replaced "quarterly"
  • {{security_metrics_cycle}} - replaced "Monthly"
  • {{board_reporting_cycle}} - replaced "Quarterly"
  • {{full_audit_frequency}} - replaced "Annually"
  • {{exception_review_frequency}} - replaced "quarterly"

Access Control Policy

  • {{user_access_review_frequency}} - replaced "quarterly"
  • {{password_min_length}} - replaced "8"
  • {{lockout_threshold}} - replaced "a certain number"
  • {{session_timeout}} - replaced "a period of inactivity"
  • {{default_policy_review}} - replaced "at least annually"

Password and Authentication Policy

  • {{min_password_char_types}} - replaced "3"
  • {{exception_min_password_length}} - replaced "8"
  • {{exception_min_char_types}} - replaced "2"
  • {{exception_review_frequency}} - replaced "quarterly"
  • {{security_review_frequency}} - replaced "monthly"
  • {{security_metrics_cycle}} - used for MFA tracking
  • {{log_review_frequency}} - used for failed login monitoring
  • {{user_access_review_frequency}} - used for account pattern analysis

Incident Response Plan

  • {{log_review_frequency}} - replaced "in real-time"
  • {{incident_review_frequency}} - replaced "regularly"
  • {{default_policy_review}} - replaced "annually"
  • {{board_reporting_cycle}} - replaced "Quarterly"

Business Continuity and Disaster Recovery Policy

  • {{bc_plan_test_frequency}} - replaced "an annual"
  • {{default_policy_review}} - replaced "at least annually"
  • {{board_reporting_cycle}} - replaced "Quarterly"

Cyber and Information Security Policy

  • {{patch_check_frequency}} - replaced "once per quarter"
  • {{local_data_retention_days}} - replaced "three months"
  • {{default_policy_review}} - replaced "at least annually"
  • {{board_reporting_cycle}} - replaced "Quarterly"

Third-Party Supplier Security Policy

  • {{supplier_audit_frequency}} - replaced "at least annually" and "annual"
  • {{security_review_frequency}} - replaced "regularly"
  • {{default_policy_review}} - replaced "at least annually"

Benefits for Triple-Crossover Intelligence

These variables significantly enhance the policy templates by:

  1. Flexibility: Organizations can customize frequencies based on their size, industry, and risk profile
  2. Compliance Alignment: Time-based commitments can be pre-populated from regulatory requirements
  3. Insurance Integration: Frequencies can be pulled from insurance policy requirements
  4. Industry Standards: Default values can be set based on industry best practices
  5. Risk-Based Customization: High-risk organizations can set more frequent intervals

Next Steps

  1. Update any remaining policy templates that weren't covered in this implementation
  2. Create a configuration tool that helps organizations select appropriate values
  3. Integrate these variables with the triple-crossover intelligence system
  4. Document standard value sets for different industries (financial, healthcare, general business)