Skip to main content

2. Set your Control Catalogues

Customising your Control Catalogues is essential for aligning your cybersecurity framework with your organisation's unique structure and objectives.

Easily manage and tailor these catalogues in your Workspace Settings to meet your specific needs.


Global Catalogues

Some catalogues are more global and apply to the entire organisation, requiring configuration during the initial setup of your global environment:

Business Unit

The "Business Units" catalog lists distinct operational divisions within an organization, enabling precise tracking and management of functional areas.

Functional Domains

The "Functional Domains" catalog organizes key areas of business operations into distinct categories to facilitate targeted management and strategic alignment. This catalog helps synchronize various organizational activities with overarching business goals, ensuring that each domain operates cohesively within the larger business strategy.


Policy and Control Specific Catalogues

Properties_Catalogs_P-2.png

Other catalogues are more granular and directly tied to your Policies and Controls. While they align with ISO 27001 standards, they should be customised to your environment or used as default settings:

Information Security Properties

The "Information Security Properties" catalog defines the key properties that safeguard information within an organization, ensuring data is managed securely and effectively.

Control Function

The "NIST - Controls Functions" catalog provides a structured approach to managing cybersecurity risks by categorizing the primary functions of security controls.

Privacy Control Function

The "NIST - Privacy Controls Functions" catalog outlines the core functions of privacy controls, emphasizing their role in protecting personal information within organizational processes.

Security Domains

The "ISO - Security Domains" catalog segments security measures into major domains as defined by ISO standards, helping organizations to structure and prioritize their security efforts.

Control Types

The "ISO Control Types" catalog delineates types of controls as defined by ISO standards based on their function in managing security risks

Operational Capabilities

The "ISO - Operational Capabilities" catalog organizes operational capabilities as defined by ISO standards, supporting comprehensive security and governance frameworks.


By tailoring these catalogues, CSFaaS enables you to build a flexible, scalable, and effective control management framework. This adaptability ensures that your organisation can respond swiftly to evolving requirements, maintaining a secure, compliant, and strategically aligned posture at all times.