Reference Controls

The Reference Controls page in CyberGuard.ai provides a comprehensive catalog of all security and compliance controls referenced across multiple frameworks and domains. It acts as the foundation for mapping organizational policies, risk treatments, and audit checkpoints to standardized control sets such as NIST, ISO, CMMC, or SOC 2.

Each control record includes key attributes such as reference ID, name, description, category, CSF function, provider, domain, and labels. This structured database ensures consistency in control definitions across different frameworks, helping users eliminate redundancy and maintain alignment with industry best practices.

By maintaining a single source of reference controls, CyberGuard.ai simplifies governance and compliance operations — enabling organizations to quickly identify which controls are implemented, pending, or overlapping between frameworks.


Usage Notes

  1. Adding New Controls

    • Click Add Control to create a new control reference.

    • Define the control’s name, description, associated framework or provider, and its CSF function (e.g., Identify, Protect, Detect, Respond, Recover).

    • Assign it to a relevant domain and add classification labels if needed.

  2. Viewing and Editing Controls

    • Use the view icon to access detailed control information, including linked threats, risks, and policies.

    • Click the edit icon to update or refine existing controls as frameworks evolve.

  3. Filtering and Searching

    • Use the search bar to quickly find controls by name, ID, or category.

    • Apply filters to narrow down controls by provider, framework, or CSF function.

  4. Framework Alignment

    • Reference controls serve as the baseline for cross-framework mapping, enabling CyberGuard.ai to correlate controls between different compliance standards (e.g., mapping NIST SP 800-53 to CMMC or ISO 27001).

  5. Usage in Assessments and Policies

    • Controls cataloged here are reused throughout other modules — including Risk, Compliance, and Operations — to ensure consistent assessment criteria and reporting metrics.


  • Frameworks – View and manage the cybersecurity frameworks from which reference controls are derived.

  • Mappings – Understand how reference controls relate to frameworks, threats, and organizational policies.

  • Threats – Link known threats to the appropriate mitigating controls.

  • Compliance Assessments – Apply reference controls to specific audits and compliance evaluations.
