The Security Controls register allows you to track implementation of all 188 IA controls across the 15 control families.
Control Families
| Family | Name | Type |
|---|---|---|
| M1 | Information Security Governance | Management |
| M2 | Information Security Risk Management | Management |
| M3 | Human Resources Security | Management |
| M4 | Security Awareness & Training | Management |
| M5 | Compliance | Management |
| M6 | Performance Evaluation | Management |
| T1 | Asset Management | Technical |
| T2 | Physical & Environmental Security | Technical |
| T3 | Operations Security | Technical |
| T4 | Communications Security | Technical |
| T5 | Access Control | Technical |
| T6 | Third-Party Security | Technical |
| T7 | Systems Security | Technical |
| T8 | Incident Management | Technical |
| T9 | Business Continuity | Technical |
Priority Levels
- P1 — Mandatory, immediate implementation
- P2 — Important, implement within 6 months
- P3 — Desirable, implement within 12 months
- P4 — Recommended, implement as resources allow