# Glossary

<table><thead><tr><th width="254">Concept</th><th>Explanation</th></tr></thead><tbody>
<tr><td>Domain</td><td>A division within your organisation on which you want to enforce object isolation and RBAC.<br>Demo and Starter are reserved for internal features.</td></tr>
<tr><td>Perimeter</td><td>A subdivision of a domain to which an organisation can link its audits, risk assessments and other relevant objects. A perimeter does not enforce RBAC.</td></tr>
<tr><td></td><td></td></tr>
<tr><td>Role</td><td><p>A bundle of permissions. Four roles are built-in:</p><p>- <em>Domain Manager:</em> can set up and access everything on a domain<br>- <em>Analyst:</em> can input and read data, but cannot change the settings of a domain<br>- <em>Reader:</em> can only read the items of a domain<br>- <em>Approver:</em> can validate workflows on objects for a domain (e.g. Risk Acceptance)</p></td></tr>
<tr><td>User group</td><td>A combination of a role and a domain to which you can assign your users.<br>User groups are automatically created on your behalf whenever you create a domain.</td></tr>
<tr><td></td><td></td></tr>
<tr><td>Reference Control</td><td>A template for a control that can be used as a reference and re-instantiated when needed.</td></tr>
<tr><td>Applied Control</td><td><strong>The main component of the action plan</strong>. The actual action that you have implemented or will implement. It can be technical, a process, a policy, documentation, etc.</td></tr>
<tr><td>Evidence</td><td>A document, screenshot, config sample, etc., that can prove that an applied control has been properly implemented.</td></tr>
<tr><td>Task</td><td>The main component of the task management module. It can be a one-time or a periodic task, and it supports assignment.</td></tr>
<tr><td></td><td></td></tr>
<tr><td>Catalog objects</td><td>Reusable objects of CISO Assistant that are the building blocks of a library (frameworks, threats, matrices, etc.).</td></tr>
<tr><td>Library</td><td>Container object that holds one or multiple catalog objects for CISO Assistant (e.g. a framework, a matrix, etc.).</td></tr>
<tr><td>Framework</td><td>A set of requirements that covers the patterns and expectations needed to comply with a regulation, prepare a certification, or establish a foundation.</td></tr>
<tr><td>Mapping</td><td>Based on the OLIR initiative; allows moving from a framework A to a framework B while reusing the previous assessment.</td></tr>
<tr><td></td><td></td></tr>
<tr><td>Entity</td><td>Scope of an external review, usually the vendor / third party.</td></tr>
<tr><td>Solution</td><td>Product or service provided by the entity.</td></tr>
<tr><td>Entity assessment</td><td>The actual review of the entity, which can trigger or be linked to an audit.</td></tr>
<tr><td>Representative</td><td>The person who needs to answer the questionnaire and requirements of the entity assessment.</td></tr>
<tr><td></td><td></td></tr>
<tr><td>URN</td><td>Uniform Resource Name, used as a unique identifier to link to multiple CISO Assistant catalog objects.</td></tr>
</tbody></table>

