# Legacy control objectives
<a name="list-of-control-objectives"></a>

**Warning**  
This page will be removed in a future release.

These control objectives were the original objectives for AWS Control Tower controls. As AWS Control Tower has expanded to include more indistry frameworks, we have expanded the list of objectives. This list is available as historical guidance, to help you make the transition to newer controls and API implementations.

Sometimes controls must be applied in a group so that the control objective is enforced. Information about related controls is viewable in the AWS Control Tower console, on the **Control details** page.

**Legacy control objectives**

For more information about controls, see [https://docs.aws.amazon.com//controltower/latest/controlreference/controls-reference.html](https://docs.aws.amazon.com//controltower/latest/controlreference/controls-reference.html). To retrieve the most up-to-date list of new control objectives, call the [https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListObjectives.html](https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListObjectives.html) API from the *controlcatalog* namespace of AWS Control Tower.
+ **CO.1** Establish logging and monitoring
+ **CO.2** Encrypt data at rest
+ **CO.3** Encrypt data in transit
+ **CO.4** Protect data integrity
+ **CO.5** Enforce least privilege
+ **CO.6** Limit network access
+ **CO.7** Optimize costs
+ **CO.8** Improve resiliency
+ **CO.9** Improve availability
+ **CO.10** Protect configurations
+ **CO.11** Prepare for incident response
+ **CO.12** Manage vulnerabilities
+ **CO.13** Manage secrets
+ **CO.14** Prepare for disaster recovery
+ **CO.15** Use strong authentication