comply/example/controls/README.md

# Controls

Controls explicitly state a specific action that the organization will take to enforce a Policy goal.

## Format
```
name: Access Control Procedures
family: Access Control
identifier: AC-2
governingPolicy:
  - policyName: Access Onboarding and Termination
    policyID: SDM-AOTP
    policyClause: 1.1
owner: Director, Security & Compliance
published: 2020-01-01
targets:
  TSC 2017:
    - CC6.1
    - CC6.2
    - CC6.3
  NIST 800-53:
    - AC-1
revisions:
  - date: Sep 1 2020
    comment: Initial documentation of control
---
1. Develop, document, and disseminate to all employees:

    1. Organizational access control policy that:

        1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and

```
Add a model for a Control, which ou can use to document control statements, owners, governing policies, etc. 2020-09-17 15:38:11 +00:00			`# Controls`

			`Controls explicitly state a specific action that the organization will take to enforce a Policy goal.`

			`## Format`
			```
			`name: Access Control Procedures`
			`family: Access Control`
			`identifier: AC-2`
			`governingPolicy:`
			`- policyName: Access Onboarding and Termination`
			`policyID: SDM-AOTP`
			`policyClause: 1.1`
			`owner: Director, Security & Compliance`
			`published: 2020-01-01`
			`targets:`
			`TSC 2017:`
			`- CC6.1`
			`- CC6.2`
			`- CC6.3`
			`NIST 800-53:`
			`- AC-1`
			`revisions:`
			`- date: Sep 1 2020`
			`comment: Initial documentation of control`
			`---`
			`1. Develop, document, and disseminate to all employees:`

			`1. Organizational access control policy that:`

			`1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and`

			```