The primary goal of the work instruction is to provide guidance and standardize the approach to developing the security control overlay for the architectural patterns found in the ACM MAP (Micro-services Application Pattern) paper. Although the content can aid any number of roles, it is tailored to security architecture, the MAP paper specifically, and the architect’s point of view. The secondary work instruction goal is to create a non-statistical decomposition/re-composition approach to security architecture that remains economical and lightweight without sacrificing the basics of control selection in the design process. The method seeks to avoid the abstract and sometimes esoteric risk conversation that occur in control conversations.