The Integrated Risk Management (IRM) platform is designed to streamline compliance and risk management by grouping controls to meet various regulatory requirements. This includes frameworks like the NIST Cybersecurity Framework, NIST Privacy Framework, NIST CUI-SSP, FFIEC CAT, NCUA ACET, FDIC-SSP, PCI-DSS, and FFIEC Common Controls.
By consolidating these controls, organizations can more efficiently manage their compliance efforts and improve their overall security posture.
Information Security Controls and Procedures are specific actions and processes implemented to enforce policies and mitigate risks, ensuring a secure and compliant environment. The IRM platform utilizes NIST SP 800-53r5 Policies, Controls, and Procedures, widely regarded as the gold standard in information security. Because the controls adhere to NIST standards, auditors and examiners can focus on verifying the implementation of controls rather than evaluating their design and/or efficacy, which streamlines the audit process and ensures compliance.
There are 1,008 controls and 195 control enhancements in the NIST SP 800-53 R5 specification, broken down into 22 NIST control families aligned with policies.
These controls help organizations maintain a secure and compliant environment by effectively managing risks and adhering to established policies.