An objective within a framework (e.g. SOC 2 CC6.1) that you must satisfy and prove.
A control is a stated objective — a specific thing a framework requires your organization to do or have in place (restrict access, encrypt data at rest, review vendors, etc.). Frameworks group controls into families or criteria. Satisfying a control means both doing the thing and being able to prove it with evidence.
Looking for another term or the full list?