You may extend the collection of controls with additional ones. These new controls may consider additional safeguards to be applied for risk treatment. The new controls may be narrowed to be applicable to some asset classes and threats.


For the new control you may specify


code (mandatory)

a unique code to identify the new control


name

a short 1-line description


asset classes (optional)

zero or more asset classes; the new control will be applied only to risks involving an asset of any of the enumerated classes


threats (optional)

zero or more threats; the new control will be applied only to risks involving any of the enumerated threats


safeguards (optional)

zero or more safeguards from the catalogue (either PILAR or NIST); the new control may pull-up, push-down, or just compare its valuation with that of the 

enumerated safeguards


description

a longer description of the control