Control Framework Assessment

Within a company, your risk team should own the Control Framework Assessment and anchor the security framework to the Control Framework. The Control Framework would likely include the National Institute of Standards and Technology 800-53 control families, or any sector specific controls that may be required. Your risk team uses AttackIQ’s Security Optimization Platform to technically assert the effectiveness of those controls, either through the audit team or on their own volition.