Skip to main content

Control Framework

Objective

Provide a structured control model aligned with the identified risks.

Control Categories

Controls are grouped into the following domains:

Access Control
Network Security
System Hardening
Logging & Monitoring
Backup & Recovery
Change Management

Control Structure

Each control includes:

Control ID
Description
Linked Risk ID
Implementation Status
Validation Method

Example

Control ID: AC-01 Category: Access Control Description: Enforce key-based SSH authentication Linked Risk: R-01 Status: Established Validation: Manual configuration review

Objective
Control Categories
Control Structure
Example