Many of the controls are neutral to different systems or areas of the organization, so can be effectively implemented centrally. Once implemented, these common controls can be embedded in different systems or programs across the organization. These are described as ‘inheritable’ controls within the publication, as different systems can inherit the control from an overall common control.
This approach lowers the resources and cost when compared with implementation across individual systems or areas of the organization. Examples may include control guidance on user account access, which can be utilized across different systems as a common policy. Some controls will be system-specific, but, where possible, the common approach should be utilized to save resources andtime.