Select Sidearea

Area for extra info, links, etc.
[email protected]
+(610) 816-010

CM – Controls Management

ClearArmor delivers a radical solution for complex Controls Management.

Controls Management can be difficult at best and is often never achieved by many organizations. Controls Management is wildly expensive and often improperly implemented, & organizations typically give in to the few big players in GRC and IRM.

Through hundreds of interviews, alignment with leading edge partners, and identification of why these implementations fail, ClearArmor has brought forth radical simplification of complex problems through CyberSecurity Resource Planning (CSRP). Controls Management is one foundational element of mature CyberSecurity.

But what are Controls? Controls are granular intents of a voluntary Framework (NIST CyberSecurity Framework – CSF, Center for Internet Security, etc.) or Regulatory Framework (Risk Management Framework, HIPAA, CCPD, DFS-500, GDPR, etc.). These controls may be categorized into groupings.

Why Controls Management (CM)? Without CM, organizations cannot understand what they need to achieve, may not be able to pass audits, and cannot move onto Policy Management or Audit Management.

How does ClearArmor Achieve Controls Management? By managing:

  • Frameworks are Selected and Recorded in the CSRP
  • Controls related to the Frameworks are loaded
  • Mappings of duplicative controls are identified
  • Composite Frameworks are created
  • Application of Frameworks to the Organization, Divisions or Systems
  • Containers for Policy and Audit Management are created
CM - Controls Management


DM – Data Mapping

DM – Data Mapping allows the organization to associate key granular data with other data, making collected information more powerful and meaningful to pre-built and custom dashboards and representations.

CC – Cyber Culture

CC-Cyber Culture leverages included InfoSec Institute CyberAwareness Training to eliminate risk at a key CyberSecurity breach vector, people. CC starts with the rapid, engaging, and short training sessions. CC follows with testing progress using documented scores and Phishing simulation testing across the organization.

VAC – Vulnerability and Compliance

VAC – Vulnerability and Compliances provides the mechanisms to identify Software, hardware, and configuration based vulnerabilities through integrations and interfacing to IT Asset Management, IT-Pedia®data, Open Source Vulnerability Scanning, and SCAP Scanning.

ITAM – IT Asset Management

ITAM – IT Asset Management allows for the discovery, heterogeneous data source integration, data normalization, white listing, categorization, ownership, lifecycle management, and vendor management related to hardware and software assets.

RM – Risk Management

RM – Risk Management allows the organization to understand and manage the events, triggers, impacts, potential reductions, reduction progress, response plans, and documented testing of those plans.

AM – Audit Management

AM – Audit Management sets the ownership, governance, schedules, and processes for auditing that the policies and controls in effect.

PM – Policy Management

PM – Policy Management provides the ability to document and communicate how policy relates to organizational controls.

CM – Controls Management

CM – Controls Management aligns your organization to the frameworks and regulatory controls they have voluntarily, or are required to follow.

CMO – Cyber Management Office

CMO – The Cyber Management Office provides the ability to governance and manage the individual efforts your organization must execute to achieve continued improvement in CyberSecurity

M2 – Momentum Methodology

M2 is the bridge between Technology, Leadership, and Process. M2 provides a standardized method to understand, implement, and work toward continued improvement in CyberSecurity