Today’s word: Common Control
A Common Control is a security control that applies across multiple systems.
Common Controls are most frequently used in compartmentalized security environments.
Compartmentalized security environments are those where there is a need to control one segment of servers or systems differently than another. Compartmentalized environments are frequently used in government systems, financial institutions or other high security environments. For example, in a credit card processing environment, Data Security Standards (PCI-DSS) requires that the processing environment is maintained at a high level of control. However, those higher level controls may not be needed or applicable to the standard user environment of the company. In that situation, the company would apply common controls where it could and more enhanced controls, compliant with the DSS, in the credit card processing space.