Control Enhancement

A control enhancement is an additional capability or specification that extends a base security control. Think of the base control as the minimum requirement and enhancements as optional add-ons that provide stronger security. For example, the base Access Control (AC-2) control requires account management, while its enhancements add requirements like automated enforcement and account monitoring.

Not all enhancements apply to every system — they're selected based on the system's security categorization and risk profile. Higher-impact systems typically require more enhancements.

Why It Matters

Understanding control enhancements helps you interpret your security baseline correctly. Some enhancements are required for your system's impact level, while others are optional — knowing the difference prevents over- or under-investing in security measures.