The Controls tab on the Risk Modeling page lets you associate control statements and controls with the security objective.
Click Add or Remove to associate or disassociate controls with the security objective, respectively. After you associate controls to the security objective, the control statements and controls are displayed in a tree view.
Click Add from Template to select and associate controls from the installed security objective templates. CCS provides a rich set of the following predefined security objective templates:
User identification and authentication
Training and awareness
Information confidentiality and integrity
Data loss protection
Human resources security
Physical and environmental security
The controls from the Symantec Controls Studio are mapped to these templates.
If you associate controls with a security objective, you may also want to use the Configure Controls tab to define weights and compensating controls and the Monitoring tab to define parameters for monitoring the risk score.