# Controls

Controls explicitly state a specific action that the organization will take to enforce a Policy goal.

## Format
```
name: Access Control Procedures
family: Access Control
identifier: AC-2
governingPolicy:
  - policyName: Access Onboarding and Termination
    policyID: SDM-AOTP
    policyClause: 1.1
owner: Director, Security & Compliance
published: 2020-01-01
targets:
  TSC 2017:
    - CC6.1
    - CC6.2
    - CC6.3
  NIST 800-53:
    - AC-1
revisions:
  - date: Sep 1 2020
    comment: Initial documentation of control
---
1. Develop, document, and disseminate to all employees:

    1. Organizational access control policy that:

        1. Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and

```