Resources

When do you need diagrams?

There are a variety of reasons, ranging from practical to compliance-driven. I have used diagrams to:

  • help investigate and resolve potential security incidents,
  • teach new developers or internal stakeholders about the systems,
  • identify areas of concern or gaps in security controls,
  • comply with audit requirements for security certifications, and
  • describe SaaS systems to potential customers, after editing out sensitive system data that could be used by an attacker.

Visio (best for business, enterprise)

Lucidchart (free, individual, and group)

Draw.io (free, paid, app integrations available)

NIST SP 800-171 rev 3

NIST Small Business Cybersecurity Corner

ISO 27001 (not free information)

PCI DSS 4.0.1 (free information but you must identify yourself to receive access)