Explore the Cyber Security Framework, Controls, and Threat Models

The following sections allow you to take a deep dive into the detail of the available frameworks, controls, and threat models.


Frameworks describe a set of outcomes that are supported by security or privacy programs. The outcomes are high-level goals. The details of how the goals are accomplished is described in controls (or “informative references”).

Control Sets

Controls are technical or administrative (i.e., policy or procedure) countermeasures designed to protect the desired outcomes of a security or privacy program. Controls protect the confidentiality, integrity, and availability of information systems.

Threat Models

Threat models describe possible attacker actions to disrupt desired security outcomes. Threat models allow a set of security controls to be viewed from the attack perspective can help provide a more comprehensive or threat-informed defense.