Security Controls: Stupid but Important

Application teams often have to navigate a complex web of security teams and requirements in order to launch a secure and compliant solution. Once the solution has been launched, the teams have to survive audits and maintain the security of the application while keeping up with changing requirements and implementations, all while working hard to run and grow their business. While regulatory complexity is a large contributor to the challenge, it can be further exacerbated by the lack of a clear, well-lit path provided by legal, compliance, and security teams. Application teams often receive conflicting requirements and priorities from various teams, or follow a path that leads to them launching a solution that is ‘secure’ but not compliant, or vice versa. Security teams are often frustrated with the focus on compliance requirements, rather than leveraging them to meet shared goals. Russ Ayres (Equifax) and Derek Coulson (Mandiant) will review how Equifax simplified its control requirements framework to help internal customers navigate security requirements more easily and enable proper audit scoping and response using the Equifax Security Controls Framework.