Common controls are
|“||security controls employed at the organization level that typically serve multiple information systems. By centrally managing and documenting the development, implementation, assessment, authorization, and monitoring of common controls, organizations can amortize security costs across multiple information systems.||”|
"Examples of business process areas having common controls include contingency planning, incident response, security training and awareness, personnel security, physical and environmental protection, and security program management. These business process areas are generally good candidates for common controls."
- ↑ Electricity Subsector Cybersecurity Risk Management Process, App. H, at 85.
- ↑ Id.