Chapter 9. Identifying and Analyzing Risk Mitigation Security Controls

Controls mitigate risk. In other words, they reduce or neutralize threats or vulnerabilities to an acceptable level. At any point in time, you will likely have controls that are in place, controls that are planned, and controls that are needed or being considered.

There are hundreds of controls you can implement in any environment. When evaluating controls, it's best to consider controls in different categories. The National Institute of Standards and Technology published Special Publication SP 800-53. This document groups 18 families of controls into three classes: Technical, Operational, and Management. The document also categorizes controls as Administrative, Technical, and ...
