A control point is the place in a system where a rule, check, or decision is enforced. In cyber security, control points include login gates, API filters, content scanners, policy engines, and logging or approval steps. They matter because they are the exact spots where the system can allow, block, inspect, or record activity.
Attackers often try to avoid or tamper with control points. For example, they may bypass authentication, send traffic around a web filter, or exploit a weak integration point where a decision is made too early or too late. Defenders design systems so controls sit at the right layer and match the real data flow. If the control point is misplaced, security rules can become inconsistent, easy to evade, or expensive to maintain.