Scoping, Tailoring, and Supplementation

Scoping involves removing baseline security controls that are not applicable, such as removing privacy controls where private data is nonexistent, whereas; 

Tailoring involves modifying the baseline to become more applicable, such as changing the application timeout requirement from 10 minutes of inactivity to five.

Supplementation involves adding platform-specific or environment-specific details to your controls, such as replacing the term “operating system” with “Windows”.

Cloud Access Security Brokers (CASB)

A Cloud Access Security Broker (CASB) is a security tool that helps organizations enforce policies for cloud services. It provides:

• Visibility – Tracks cloud app usage and data access.
• Access Control – Manages who can access which cloud applications.
• Compliance & Security – Ensures cloud data meets security and regulatory requirements.

As organizations expand their cloud usage, CASBs play a crucial role in managing security, mitigating risks, and ensuring ongoing compliance.