Cyber security is a daily process. As an organization continues to evolve, making sure the security is continuously protected effectively against the latest threats is important.
Create a matrix of requirements with pass/fail criteria based on the organizations framework controls. Make sure to include:
Five technical controls specified within your guiding framework. If your guiding framework does not have technical controls enumerated, use NIST Special publication 800-53 and select technical controls appropriate for your organization.
Using your design/architecture, create test cases for each of the five technical controls that are appropriate for your design.