📌 Control Scenarios

Audience: Control authors, compliance officers, security engineers

Time: ~5 min to pick a scenario and create a template-based control

Use this page as a quick-start map for all major Control Core use cases. Click a scenario to see typical attributes, common actions, and how to start from the Wizard Scenario Starter Catalog.

📌 How to start from a template

  1. Go to Controls → Templates → Scenario Starter Catalog
  2. Select the scenario that fits your use case
  3. Click Use this template — conditions and actions are pre-filled
  4. Customise the conditions for your resource and data sources
  5. Deploy to Sandbox → test → promote

🔒 AI Security and Governance

Example use cases:

  • Restrict which users can access AI model endpoints
  • Enforce prompt safety checks before forwarding to a model
  • Contain AI tool sprawl (limit which AI agents can call which MCP servers)
  • Require MFA or step-up authentication for high-risk AI operations

Typical attributes: model.name · prompt.content · user.mfa_verified · session.risk_score · agent.identity · tool.name

Common actions: approval_gate · notification · siem_log


📌 Data Governance and Privacy

Example use cases:

  • Restrict access to confidential or PII datasets to authorised roles
  • Enforce field-level masking for data with classification CONFIDENTIAL
  • Require explicit purpose-of-use for sensitive data access
  • Enforce data residency controls based on user location or request context

Typical attributes: resource.data_classification · user.purpose_of_use · action · user.department · user.location

Common actions: siem_log · audit_log · policy_trigger


🔒 API Security and Partner Access

Example use cases:

  • Enforce endpoint-level access controls on REST APIs
  • Service-to-service trust verification with scoped tokens
  • Tenant boundary enforcement for partner or multi-tenant APIs
  • Rate and scope controls for third-party API consumers

Typical attributes: resource.path · request.method · client.app_id · token.scopes · resource.tenant_id

Common actions: webhook · notification · siem_log


📌 Cloud Infrastructure and Platform Ops

Example use cases:

  • Privileged change control on production infrastructure
  • Geo- and risk-aware access to cloud management planes
  • Break-glass governance for emergency infrastructure access

Typical attributes: resource.type · location.country · environment · user.role · user.clearance_level

Common actions: break_glass_notify · approval_gate · siem_log


📌 Identity, Workforce, and Zero Trust

Example use cases:

  • Step-up authentication enforcement for sensitive operations
  • Device posture + role combined access control
  • Adaptive access based on session risk score
  • Contractor vs employee differential access policies

Typical attributes: user.authenticated · user.mfa_verified · device.trust_level · session.risk_score · user.employee_type

Common actions: notification · policy_trigger


🔒 Financial and Payments Risk Controls

Example use cases:

  • Require dual approval for high-value transaction operations
  • Segregation of duties controls for financial data access
  • AML / KYC-aware transaction escalation
  • Controls on payment dispute workflows

Typical attributes: transaction.amount · transaction.country · user.role · user.clearance_level · user.kyc_status

Common actions: approval_gate · siem_log · webhook


🛡️ Healthcare and Clinical Access Controls

Example use cases:

  • Minimum-necessary enforcement on PHI access
  • Emergency break-glass access with mandatory audit trail
  • Treatment-context-aware patient data controls
  • HIPAA-aligned role controls for clinical systems

Typical attributes: user.purpose_of_use · patient.consent · user.break_glass · resource.sensitivity · user.role

Common actions: break_glass_notify · siem_log · notification


🚀 DevSecOps, SDLC, and Release Governance

Example use cases:

  • Production deployment approval gates in CI/CD pipelines
  • Control Core policy gates as part of build pipelines
  • Privileged runtime access for incident response
  • Artifact trust validation before production deployment

Typical attributes: environment · pipeline.stage · user.role · build.artifact_trust · release.approver

Common actions: approval_gate · policy_trigger


📌 Third-Party and Vendor Access Governance

Example use cases:

  • Time-boxed vendor access with automatic expiry
  • Contract-aware access tiers for external partners
  • Tenant boundary enforcement across shared services

Typical attributes: user.vendor_id · session.start_time · resource.tenant_id · contract.access_tier · user.contractor

Common actions: notification · webhook · siem_log


🔒 Insider Risk and SOC Automation

Example use cases:

  • Anomalous data movement detection and blocking
  • Suspicious privileged access escalation to SOC
  • Automated SIEM handoff on high-risk decisions
  • Policy-driven investigation workflow triggers

Typical attributes: session.risk_score · resource.data_classification · action · location.country · user.anomaly_score

Common actions: siem_log · webhook


🏗️ Quick build flow from any scenario

  1. Pick a scenario above → go to Wizard Scenario Starter Catalog
  2. Refine conditions with PIP attributes (check data source mappings if attributes are missing)
  3. Add decision-time actions (on_allow, on_deny, on_mask, always)
  4. Preview Rego → Save draft → Deploy to Sandbox → Simulate
  5. Promote to production when tests pass