Perform audit on controls and evidence for this framework.
Review each control and its evidence requirements. Mark each requirement as approved, rejected, or not applicable.