Definition Edit

Common controls are

security controls employed at the organization level that typically serve multiple information systems. By centrally managing and documenting the development, implementation, assessment, authorization, and monitoring of common controls, organizations can amortize security costs across multiple information systems.[1]

Overview Edit

"Examples of business process areas having common controls include contingency planning, incident response, security training and awareness, personnel security, physical and environmental protection, and security program management. These business process areas are generally good candidates for common controls."[2]

References Edit

  1. Electricity Subsector Cybersecurity Risk Management Process, App. H, at 85.
  2. Id.