Complementing the preparation done at lower layers to ensure sensitive activities are planned and executed securely, the final three layers look back on outcomes to ensure adherence to the organization’s Policies.

Beginning with an inspection of the intended and actual outcomes, activities within Layer 5 can be described as either Intent Evaluations or Behavioral Evaluations.

Building on Evaluation Findings, Layer 6 describes Preventative Enforcement activities that serve as guardrails, blocking non-compliant designs before they go live, and Remediative Enforcement activities that produce corrections after negative outcomes are detected in a real-world scenario.

Finally, Layer 7 describes activities which serve to Audit the effectiveness of the organization’s Policies, Evaluation and Enforcement activities, and orchestrate Continuous Monitoring to ensure that sensitive activities remain compliant indefinitely.

An old leadership adage states that “a unit only does well that which its commander inspects well.” Activities categorized within Layers 5, 6, and 7 act as that inspection which equips our organizations to excel.

