Research Project: This is a free AI research project. No warranties, SLAs, or company associations.

Security Controls
Intermediate, 20 min

Understanding Security Control Evaluation

Learn how AI agents evaluate controls, interpret results, and generate remediation recommendations

Understanding how BrainstormMSP evaluates security controls helps you interpret results accurately and communicate findings to clients effectively.

1. Control Types

Technical Controls

Evaluated automatically through integrations:

- Backup status and currency
- MFA enrollment
- Patch levels
- Encryption status
- EDR deployment

Procedural Controls

Require attestation or documentation:

- Security awareness training
- Incident response plans
- Access review frequency
- Vendor management

Physical Controls

Typically require manual verification:

- Data center access
- Hardware disposal
- Visitor logging

2. Evaluation Logic

How Evaluations Work

1. **Data Collection** - Pull latest data from connected integrations

2. **Normalization** - Convert vendor-specific data to standard format

3. **Rule Application** - Apply control-specific evaluation rules

4. **Scoring** - Determine pass/fail and confidence level

5. **Evidence Capture** - Store supporting data for audit

Evaluation Frequency

| Control Type | Default Frequency |
|--------------|-------------------|
| Backup status | Hourly |
| Patch status | Daily |
| Identity controls | Daily |
| Configuration | Weekly |

3. Pass/Fail Criteria

Determining Pass/Fail

Each control has defined criteria:

Example: CIS 11.2 (Automated Backups)

- **Pass**: Backup completed within last 24 hours
- **Fail**: No backup in 24+ hours
- **Partial**: Backup exists but older than policy

Example: CIS 6.3 (MFA for Admin)

- **Pass**: 100% of admin accounts have MFA
- **Fail**: Any admin account without MFA
- **N/A**: No admin accounts defined

Confidence Scores

Each evaluation includes confidence:

- **High (90%+)**: Direct API evidence
- **Medium (70-89%)**: Inferred from related data
- **Low (<70%)**: Limited evidence available
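
The CIS 6.3 criteria and the confidence bands above, worked through as an added Python example (not BrainstormMSP's own code). The record field names, the fail-closed handling of an admin whose MFA state is missing, and the use of SHA-256 over canonical JSON for the evidence hash are assumptions.

```python
import hashlib
import json

# Constructed sample: normalized identity records (field names are assumptions).
SAMPLE_ACCOUNTS = [
    {"user": "alice", "is_admin": True, "mfa_enrolled": True},
    {"user": "bob", "is_admin": True, "mfa_enrolled": False},
    {"user": "carol", "is_admin": False, "mfa_enrolled": False},
    {"user": "dave", "is_admin": True},  # MFA state missing from the source
]


def confidence_band(pct):
    """Map a confidence percentage to the guide's High/Medium/Low bands."""
    if pct >= 90:
        return "High"
    if pct >= 70:
        return "Medium"
    return "Low"


def evidence_digest(records):
    """SHA-256 over canonical JSON so identical evidence always hashes the same."""
    canonical = json.dumps(records, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def evaluate_admin_mfa(accounts, confidence_pct):
    """Apply the CIS 6.3 criteria: Pass, Fail, or N/A."""
    admins = [a for a in accounts if a.get("is_admin")]
    # Fail closed: an admin with no MFA field counts as not enrolled (assumption).
    missing = sorted(a["user"] for a in admins if a.get("mfa_enrolled") is not True)
    if not admins:
        status = "N/A"
    elif missing:
        status = "Fail"
    else:
        status = "Pass"
    return {
        "control": "CIS 6.3",
        "status": status,
        "admins_without_mfa": missing,
        "confidence": confidence_band(confidence_pct),
        "evidence_sha256": evidence_digest(accounts),
    }


if __name__ == "__main__":
    print(json.dumps(evaluate_admin_mfa(SAMPLE_ACCOUNTS, 92), indent=2))
```

Listing the accounts that caused a Fail alongside the evidence hash gives a reviewer both the finding and a way to confirm the underlying data has not changed since collection.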

4. Evidence Collection

What Counts as Evidence

BrainstormMSP collects:

- Raw API responses (hashed for integrity)
- Timestamps of data collection
- Configuration snapshots
- Change detection logs

Evidence Retention

- Last 12 months retained by default
- Point-in-time queries for any date
- Export for auditor review
- Cryptographic integrity verification

Using Evidence

Evidence supports:

- Insurance attestations
- Audit responses
- Client reporting
- Dispute resolution
