This Operational Tier control triangle seeks to implement and manage the lifecycle of business and technology applications, ensuring they are planned, developed, and operated in alignment with the organisation’s solution design for data, software, and interfaces.

This control rolls down from the Manage Capability Domain and cascades into: 3.1.1-Manage Application Plan, 3.1.2-Manage Application Dependency, and 3.1.3-Manage Application Run control subdomains.

---

Control Mappings:
Cobit:2019 ➡️ APO01; APO01.10
ISO31000:2018 ➡️ 5.4; 5.4.4
NIST:CSFv2 ➡️ ID; ID.AM; ID.AM-02; ID.AM-08
CIS:v8 ➡️ Inventory and Control of Software Assets; Establish and Maintain a Software Inventory; Securely Manage Enterprise Assets and Software