Security controls with clear evidence boundaries

Each control is framed by what is verified now and what is still in preparation.