Enterprise Control Matrix
Use this matrix to align the tutorial principles with operational controls, ownership, and evidence requirements.
Control Mapping
| Part | Principle | Primary Risk Addressed | Control Objective | Evidence to Capture | Typical Owner |
|---|---|---|---|---|---|
| 1 | Device identity validation | Wrong-target change | Verify target authenticity before write actions | Identity check results, mismatch logs | Network Automation Team |
| 2 | Pre-flight checks | Unsafe execution environment | Block changes when prerequisites fail | Pre-flight report, failure reason codes | Operations Engineering |
| 3 | Source-of-truth trust boundaries | Stale or incorrect intent data | Enforce field-level trust policy | Reconciliation artifact, policy decision log | Platform Engineering |
| 4 | Drift handling safety | Over-enforcement and outages | Classify drift before remediation | Drift diff, severity, disposition record | Compliance + NetOps |
| 5 | Real-world idempotency | Non-convergent changes | Ensure predictable convergence with bounded retries | Planned diff, post-check outcomes | Automation Engineering |
| 6 | Blast-radius scoping | Large-scale failure impact | Restrict rollout scope and batch expansion | Canary results, batch promotion approvals | Change Manager |
| 7 | Safe failure design | Cascading automation errors | Define deterministic abort conditions | Abort triggers, degraded-mode logs | SRE / NetOps |
| 8 | Rollback strategy realism | Unsafe or ineffective rollback | Choose context-appropriate recovery path | Rollback decision, pre/post validation | Incident Response Lead |
| 9 | Read/write phase separation | Opaque execution behaviour | Require reviewable plan before execution | Plan artifact, execution artifact linkage | Platform Engineering |
| 10 | Operator-friendly output | Slow triage and misinterpretation | Present actionable, structured run output | Run summaries, reason-code statistics | NOC / Operations |
| 11 | Audit-ready automation | Incomplete evidence trail | Capture end-to-end run artifacts | Manifest, before/after snapshots, run metadata | Governance / Audit |
| 12 | Secrets and credentials | Credential exposure and misuse | Enforce least-privilege and secure secret handling | Vault access logs, rotation records | Security Engineering |
| 13 | Human-in-the-loop design | Unreviewed high-risk actions | Insert approvals at ambiguity and impact gates | Approval records, gate decisions | Change Advisory Board |
| 14 | When not to automate | Premature automation risk | Use readiness criteria before automation | Readiness rubric, deferment rationale | Engineering Leadership |
Control Quality Criteria
A control is usually production-ready when it is:
- Preventive or detective by design
- Enforced by code, not policy text alone
- Observable with machine-readable evidence
- Owned by a named team and reviewed on cadence
Suggested Review Cadence
- Weekly: control failures and exception trends
- Monthly: drift, rollback, and gate quality analysis
- Quarterly: control ownership review and evidence retention audit
Quick Adoption Sequence
- Implement controls for Parts 1, 2, and 6 first
- Add Parts 9, 10, and 11 to improve observability and auditability
- Mature governance with Parts 12, 13, and 14
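The quality criteria above ask for controls that are enforced by code and observable through machine-readable evidence, and the adoption sequence starts with Parts 1, 2 and 6. The following is an added example, not code from the tutorial, of a pre-change gate that implements those three controls and emits one evidence record per decision with a stable reason code; the device fields, prerequisite names and reason codes are assumptions chosen for illustration.

```python
from dataclasses import dataclass, asdict
import json
@dataclass(frozen=True)
class Target:
    name: str
    expected_serial: str   # identity held in the source of truth
    observed_serial: str   # identity read from the device before any write
    observed_hostname: str
@dataclass(frozen=True)
class Decision:
    part: int          # control-matrix Part number this evidence belongs to
    passed: bool
    reason_code: str   # stable, machine-readable code for triage and statistics
    detail: str
def check_identity(t: Target) -> Decision:
    """Part 1: refuse to write unless serial and hostname both match the plan."""
    if t.observed_serial != t.expected_serial:
        return Decision(1, False, "IDENTITY_SERIAL_MISMATCH",
                        f"{t.name}: expected {t.expected_serial}, got {t.observed_serial}")
    if t.observed_hostname != t.name:
        return Decision(1, False, "IDENTITY_HOSTNAME_MISMATCH",
                        f"{t.name}: device reports hostname {t.observed_hostname}")
    return Decision(1, True, "IDENTITY_OK", t.name)

def check_preflight(facts: dict) -> Decision:
    """Part 2: every prerequisite must hold; failures are named, not just counted."""
    required = ("in_maintenance_window", "running_config_saved", "backup_taken")
    missing = [k for k in required if not facts.get(k, False)]
    if missing:
        return Decision(2, False, "PREFLIGHT_PREREQ_FAILED", ",".join(missing))
    return Decision(2, True, "PREFLIGHT_OK", "all prerequisites satisfied")

def check_blast_radius(targets: list, max_batch: int) -> Decision:
    """Part 6: cap how many devices one run may touch before canary promotion."""
    if len(targets) > max_batch:
        return Decision(6, False, "SCOPE_BATCH_EXCEEDED", f"{len(targets)} targets > {max_batch}")
    return Decision(6, True, "SCOPE_OK", f"{len(targets)} targets within batch of {max_batch}")

def run_gate(targets: list, facts: dict, max_batch: int) -> dict:
    """Evaluate every control (no short-circuit) and return a JSON-serialisable record."""
    decisions = [check_identity(t) for t in targets]
    decisions += [check_preflight(facts), check_blast_radius(targets, max_batch)]
    return {"allow_write": all(d.passed for d in decisions),
            "decisions": [asdict(d) for d in decisions]}

# Constructed sample run: edge-02 answers with a serial the plan did not expect.
SAMPLE_TARGETS = [Target("edge-01", "SN-A1", "SN-A1", "edge-01"),
                  Target("edge-02", "SN-B2", "SN-C3", "edge-02")]
SAMPLE_FACTS = {"in_maintenance_window": True, "running_config_saved": True, "backup_taken": True}
EVIDENCE = run_gate(SAMPLE_TARGETS, SAMPLE_FACTS, max_batch=5)
print(json.dumps(EVIDENCE, indent=2))
```

Because every control is evaluated rather than stopping at the first failure, the record lists all mismatch and prerequisite reasons for the run, which is what the reason-code statistics in Part 10 and the run manifest in Part 11 need.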