Security control rationalization is the process of assessing your security controls’ effectiveness; identifying and resolving gaps and overlaps in your security control stack; conducting a risk assessment of your security vendors; and then prioritizing, consolidating, and eliminating unnecessary security controls.