Security Controls 10. Simple and Pervasive – Security mechanisms must be simple, scalable, and easy to implement and manage throughout the organizational ecosystem (whether internal or external). 11. Explicit Trust Validation – Assumptions of integrity and trust level must be explicitly validated against organization risk threshold and tolerance. Assets and/or data systems must be validated before being allowed to interact with anyone/anything else.