Understand any control — whether or not it's on your assessment.
Plain-language explanations of the full universe of cybersecurity controls and topics: what each one is, why carriers ask about it, and what strong practice looks like. Always available, nothing hidden.
No topics match that search.
The control areas carriers assess on a cyber-insurance application — what each one is, why it is asked, and what strong practice looks like.
Company Profile & Data Sensitivity
Your size and the sensitivity of the data you hold this year. (Company name, website, and industry live in your Compa…
Identity & Access — MFA
Multi-factor authentication, by surface. "Available but not enforced" is a partial — it still scores as a gap.
Privileged Access Management
How administrative access is separated and controlled.
Endpoint Security
Endpoint protection and how actively it is monitored.
Email Security
Filtering and inbound controls on the primary attack vector.
Resilience — Backups & Recovery
Recovery is weighted highest. A documented DR plan only counts if it has been tested.
Detection & Monitoring
Visibility into sensitive systems.
Vulnerability Management
Patching and configuration hygiene.
Human Layer — Training
Security awareness across all staff.
Wire-Fraud / Funds-Transfer Controls
Finance-lane controls against funds-transfer fraud.
Media / IP Liability
Finance-lane controls around published content and third-party media.
Encryption
Protecting data at rest, in transit, and on devices.
Compliance Overlays
Only scored where applicable to your business.
Loss History & Known Circumstances
Risk context. Captured for completeness; does not reduce your score on its own.
AI Readiness
Scored separately as your AI Readiness score — it does not change your cyber-insurance posture. This may not be on yo…
Broader control families drawn from recognized frameworks (HIPAA Security Rule, NIST CSF, HITRUST). Each is described as a maturity ladder — what it looks like at each level.
Incident Response
Stand up a written IR plan, define roles, and run a tabletop.
Third-Party / Vendor Risk
Risk-rank vendors and capture contracts / BAAs.
Governance / Risk Analysis / Policies
Build the policy set and an annual risk analysis.
Asset Management / Inventory
Maintain an inventory (incl. SaaS) and map data flows.
Network Security / Segmentation
Segment networks and secure remote access.
Logging / Audit Controls
Centralize and retain logs with a review cadence.
Physical & Environmental
Access control, visitor logging, and media disposal.
Data Governance / Classification / Retention & Disposal
Classify data and set retention / secure disposal.
This library is general education, not advice about your specific organization. It describes what each control is and what strong practice looks like; whether and how any of it applies to you is your decision, in consultation with your carrier, broker, or counsel.