CSIP Looks Good

After reading through the CyberSecurity Strategy and Implementation Plan (CSIP) I was impressed with its scope and relatively clear terminology, acronyms notwithstanding, and how it outlined federal strategy.  I expect the timelines to be challenging, though.

 

What Are Controls (Safeguards)?

Controls are logical mechanisms applied in an effort to reduce risk.

This may feel vague because the term is primarily an abstract, logical entity that has specific implementations and humans like more concrete, implementable things.

Architecturally these entities sit at the logical layer but have concrete instances that are implemented by contextualizing the qualities of the control into the system you target.