This Tactical Tier control triangle seeks to define the strategy and vision for software applications, ensuring alignment with business objectives, and to provide consulting and guidance to both business and IT teams for the effective selection, development, and management of applications.

This control rolls down from the Manage Capability Domain and cascades into: 3.1.1.1-Application Permission, 3.1.1.2-Application Access, and 3.1.1.3-Activity Logging controls.

---

Control Mappings:
Cobit:2019 ➡️ APO09; APO09.01; BAI03; BAI03.11; BAI11; BAI11.04
GDPR:2024 ➡️ Art.5; Art.22
ITIL:v4 ➡️ GM7; GM12; SM24; TM34
CIS:v8 ➡️ Inventory and Control of Software Assets; Establish and Maintain a Software Inventory; Access Control Management; Establish and Maintain an Inventory of Authentication and Authorization Systems