
Control catalogue

Definition

A structured list of security controls, each with an identifier, a statement of intent, and (in detailed catalogues) implementation guidance. Examples include NIST SP 800-53 (which lists hundreds of controls across 20 families) and ISO 27002 (93 controls across four themes). A catalogue is the source document from which a mapping is built.

Related terms

Control family
A grouping of related controls within a catalogue. NIST SP 800-53 uses 20 families identified by two-letter codes: AC (Access Control), AU...
Crosswalk
A published table that aligns controls from two frameworks side by side to show which controls address the same security objective. NIST,...
Gap analysis
The process of comparing what a framework requires against what an organisation has actually implemented, to identify controls that are absent, partial,...
Implementation Group (IG)
A CIS Controls concept that divides the 153 safeguards across three tiers by organisational size and risk profile. IG1 (56 safeguards) covers...
Unified control mapping
An organisation-specific artefact that consolidates multiple crosswalks into a single table, adds columns for the organisation's own control implementations and evidence artefacts,...

Explained in

  • Mapping Controls Across Frameworks: A structured list of security controls, each with an identifier, a statement of intent, and (in detailed catalogues) implementation guidance. Examples include...
