A test checks for a single requirement in a control. All controls contain one or more tests, each of which checks for a specific requirement of the control.
For example –
Logging of Administrative Actions is a control in TrustCloud, that has 3 tests in it –
- Administrative Action Logging
- Audit Logging
- Audit Logging File Validation
Some tests are mapped to systems. For example, a test for Data Store Encryption at rest is mapped to each system of type Data Store, because each data store needs to be encrypted.