---
type: "term"
title: "Control Objective"
description: "The specific aim or purpose that a control is intended to achieve, defining what the control should accomplish in terms of risk mitigation for a particular threat cluster."
resource: "tlctc:term:control-objective"
tags:
  - "glossary"
---
# Control Objective

The specific aim or purpose that a control is intended to achieve, defining what the control should accomplish in terms of risk mitigation for a particular threat cluster. Each control aligns with a single, clear objective.

**Related reading:** [NIST SP 800-218 (SSDF) × TLCTC](https://www.tlctc.net/tlctc-NIST.SP.800-218.html), [SABSA × TLCTC — architecture × threat ontology](https://www.tlctc.net/sabsa-tlctc-blog.html), [D3FEND × TLCTC — the missing axis](https://www.tlctc.net/missing-axis-d3fend-tlctc.html), [Logical impossibility of control-first regulation](https://www.tlctc.net/tlctc-control-first-regulation.html), [G7 SBOM-for-AI — control fixation critique](https://www.tlctc.net/sbom-for-ai-control-fixation.html), [The Commit Is the CVE — silent fixes & the patch-gap collapse](https://www.tlctc.net/silent-fix-window.html), [The Control Fixation Reflex](https://www.tlctc.net/control-fixation-reflex.html), [TLCTC Control Matrix Manager](https://www.tlctc.net/control-matrix.html), [Propagated Controls — Rule of Propagation](https://www.tlctc.net/tlctc-propagated-controls.html), [Control Matrix for SME & Private (TLCTC v2.0)](https://www.tlctc.net/tlctc-sme-private-controls.html), [Capability-based planning via 10×(6×2) matrix](https://www.tlctc.net/tlctc-capability-based-planning.html), [The Audit Trap — compliance ≠ security](https://www.tlctc.net/tlctc-audit-trap.html)