Security Controls reduce the likelihood of and discover threats to system and information assets, as well as eliminating vulnerabilities and decreasing the impact of exploited exposures.
The Control Catalogues may be derived from industry standards or business specific, all of which may be cross referenced to allow standard compliance traceability between catalogues.