Control Index
Purpose
This page provides the canonical index of all security controls defined within the Scheol Security Lab.
It ensures that controls are:
- uniquely identified
- aligned with actual risks
- traceable to implementation and validation
- easy to navigate and review
Each control is documented as an individual entry.
Control Index
| Control ID | Name | Type | Related Risks | Status | Link |
|---|---|---|---|---|---|
| C-001 | Reverse Proxy Exposure Control | Preventive | R-001 | Active | View |
| C-002 | Network Segmentation Enforcement | Preventive | R-001 | Planned | View |
| C-003 | Web Application Hardening | Preventive | R-002 | In Progress | View |
| C-004 | Data Access Restriction | Preventive | R-002 | Planned | View |
| C-005 | Administrative Access Hardening | Preventive | R-003 | In Progress | View |
| C-006 | Credential & Secrets Management | Preventive | R-003 | Active | View |
| C-007 | Logging & Detection Baseline | Detective | R-001, R-002, R-003 | Planned | View |
Scope & Strategy
At the current stage, the control set is intentionally:
- limited in number
- directly aligned with active risks (R-001 to R-003)
- focused on high-impact security improvements
This ensures:
- strong coherence between the risk and control layers
- realistic implementation within the lab
- avoidance of unnecessary or unused controls
Note that the only detective control in the index (C-007) is still Planned, so coverage of R-001 to R-003 is currently preventive only; until C-007 is Active, a failure of a preventive control would not be detected by a control in this set.
Traceability Rules
Each control must be linked to:
- at least one risk in the Risk Register
- one or more assets or architectural components
- a defined validation method (how the control is shown to work, not only that it is deployed)
This guarantees consistency across:
- Risk Register
- Applied Security Architecture
- Validation & Monitoring
Status Definition
- Active → control implemented and operational; should be supported by evidence from its validation method
- In Progress → partially implemented or currently being deployed
- Planned → defined in the index but not yet implemented
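The traceability rules and the status vocabulary above are simple enough to check mechanically, which is what keeps the index from drifting away from the Risk Register as controls are added. The script below is an added example and is not part of the Scheol Security Lab's own tooling: it encodes the seven controls from the index table as data and validates unique IDs, the status and type vocabularies, risk linkage against R-001 to R-003, and coverage in the other direction (every registered risk has at least one control). The asset identifiers (`A-...`) and validation method strings attached to each control are assumed placeholders, since this page lists neither.

```python
"""Machine-check the Control Index against its traceability and status rules.

Added example, not part of the Scheol Security Lab tooling. The seven control
entries are taken from the index table on this page; the asset identifiers
(A-...) and validation methods attached to them are assumed placeholders,
because the page does not list either.
"""
from dataclasses import dataclass, field

# Vocabulary from the Status Definition section.
VALID_STATUSES = {"Active", "In Progress", "Planned"}
# Control types used in the index table.
VALID_TYPES = {"Preventive", "Detective"}
# Risk identifiers currently in the Risk Register (R-001 to R-003).
RISK_REGISTER = {"R-001", "R-002", "R-003"}


@dataclass
class Control:
    control_id: str
    name: str
    control_type: str
    status: str
    risks: frozenset = field(default_factory=frozenset)
    assets: frozenset = field(default_factory=frozenset)  # assumed values below
    validation: str = ""                                  # assumed values below


def validate_index(controls):
    """Return a sorted list of (subject, finding) tuples; an empty list means consistent."""
    findings = []
    seen = set()
    for c in controls:
        if c.control_id in seen:
            findings.append((c.control_id, "duplicate control ID"))
        seen.add(c.control_id)
        if c.control_type not in VALID_TYPES:
            findings.append((c.control_id, f"unknown type {c.control_type!r}"))
        if c.status not in VALID_STATUSES:
            findings.append((c.control_id, f"unknown status {c.status!r}"))
        # Traceability rule 1: at least one risk, and it must exist in the register.
        if not c.risks:
            findings.append((c.control_id, "no linked risk"))
        for r in sorted(c.risks - RISK_REGISTER):
            findings.append((c.control_id, f"links unknown risk {r}"))
        # Rule 2: at least one asset or architectural component.
        if not c.assets:
            findings.append((c.control_id, "no linked asset"))
        # Rule 3: a defined validation method. An Active control without one
        # cannot be evidenced as operational, so that case is flagged separately.
        if not c.validation:
            if c.status == "Active":
                findings.append((c.control_id, "Active control has no validation method"))
            else:
                findings.append((c.control_id, "no validation method"))
    # Coverage in the other direction: every registered risk needs at least one control.
    covered = set()
    for c in controls:
        covered |= c.risks
    for r in sorted(RISK_REGISTER - covered):
        findings.append((r, "risk has no control"))
    return sorted(findings)


def page_controls():
    """The seven controls from the index table (assets and validation methods are assumed)."""
    def ctl(cid, name, ctype, status, risks, assets, validation):
        return Control(cid, name, ctype, status, frozenset(risks), frozenset(assets), validation)

    return [
        ctl("C-001", "Reverse Proxy Exposure Control", "Preventive", "Active",
            {"R-001"}, {"A-proxy"}, "external port scan of the proxy host"),
        ctl("C-002", "Network Segmentation Enforcement", "Preventive", "Planned",
            {"R-001"}, {"A-lan"}, "inter-segment reachability test"),
        ctl("C-003", "Web Application Hardening", "Preventive", "In Progress",
            {"R-002"}, {"A-webapp"}, "authenticated web application scan"),
        ctl("C-004", "Data Access Restriction", "Preventive", "Planned",
            {"R-002"}, {"A-datastore"}, "permission review of the data store"),
        ctl("C-005", "Administrative Access Hardening", "Preventive", "In Progress",
            {"R-003"}, {"A-admin"}, "audit of admin authentication configuration"),
        ctl("C-006", "Credential & Secrets Management", "Preventive", "Active",
            {"R-003"}, {"A-secrets"}, "secret scan of repositories and hosts"),
        ctl("C-007", "Logging & Detection Baseline", "Detective", "Planned",
            {"R-001", "R-002", "R-003"}, {"A-logging"}, "alert replay from test events"),
    ]


if __name__ == "__main__":
    for subject, finding in validate_index(page_controls()) or [("index", "consistent")]:
        print(f"{subject}: {finding}")
```

Run it as part of the review step whenever the index or the Risk Register changes; a non-empty result is a traceability defect to fix before the page is published, and a duplicate or unknown-risk finding should block the change outright.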
Current Maturity
Established
- clear control identification and structure
- alignment with core risks (R-001 to R-003)
- consistent control classification
In Progress
- implementation of key controls (access, application, segmentation)
- definition of validation mechanisms
- linkage with assets and architecture
Planned
- expansion aligned with future risks and scenarios
- integration with monitoring and validation layers
- improved audit and evidence traceability