diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index 0e34519..62f89c2 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 4.0.0
+current_version = 4.1.0
 commit = True
 message = Bumps version to {new_version}
 tag = False
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 02e2901..36ddccf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
+### [4.1.0](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.1.0)
+
+**Released**: 2023.05.25
+
+**Summary**:
+
+* Brought Standards_Control under management to enable or disable specified controls
+
 ### [4.0.0](https://github.com/plus3it/terraform-aws-tardigrade-security-hub/releases/tag/4.0.0)
diff --git a/README.md b/README.md
index f5a784c..88c3c05 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@ No resources.
 | [control\_finding\_generator](#input\_control\_finding\_generator) | (Optional) Updates whether the calling account has consolidated control findings turned on. | `string` | `"SECURITY_CONTROL"` | no |
 | [product\_subscription\_arns](#input\_product\_subscription\_arns) | List of product arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_product_subscription.html | `list(string)` | `[]` | no |
 | [standard\_subscription\_arns](#input\_standard\_subscription\_arns) | List of standard arns to subscribe to. See https://www.terraform.io/docs/providers/aws/r/securityhub_standards_subscription.html | `list(string)` | `[]` | no |
+| [standards\_control](#input\_standards\_control) | List of Security Hub standards to enable or disable in current region. |
list(object({
name = string
standards_control_arn = string
control_status = string
disabled_reason = string
}))
| `[]` | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index aaa9133..fcf1cc1 100644
--- a/main.tf
+++ b/main.tf
@@ -17,6 +17,16 @@ module "subscriptions" {
 ]
 }
+# Manage Control status
+module "standards_control" {
+ source = "./modules/standards_control"
+ for_each = { for control in var.standards_control : control.name => control }
+
+ standards_control_arn = each.key
+ control_status = each.value.control_status
+ disabled_reason = each.value.disabled_reason
+}
+
 # Manage action targets
 module "action_targets" {
 source = "./modules/action_target"
diff --git a/modules/standards_control/README.md b/modules/standards_control/README.md
new file mode 100644
index 0000000..ee6ad00
--- /dev/null
+++ b/modules/standards_control/README.md
@@ -0,0 +1,36 @@
+# terraform-aws-tardigrade-security-hub/standards_control
+
+ ## Requirements
+
+ | Name | Version |
+ |------|---------|
+ | [terraform](#requirement\_terraform) | >= 0.13 |
+ | [aws](#requirement\_aws) | >= 4.64.0 |
+
+ ## Providers
+
+ | Name | Version |
+ |------|---------|
+ | [aws](#provider\_aws) | >= 4.64.0 |
+
+ ## Resources
+
+ | Name | Type |
+ |------|------|
+
+ ## Inputs
+
+ | Name | Description | Type | Default | Required |
+ |------|-------------|------|---------|:--------:|
+ | [control\_status](#input\_control\_status) | Control status enabled or disabled | `string` | n/a | yes |
+ | [disabled\_reason](#input\_disabled\_reason) | A description of the reason why you are disabling a security standard control | `string` | n/a | yes |
+ | [standards\_control\_arn](#input\_standards\_control\_arn) | The standards control ARN | `string` | n/a | yes |
+
+ ## Outputs
+
+ | Name | Description |
+ |------|-------------|
+ | [standards\_control](#output\_standards\_control) | Object containing SecurityHub standards control resource |
+
+
diff --git a/modules/standards_control/main.tf b/modules/standards_control/main.tf
new file mode 100644
index 0000000..8f4820c
--- /dev/null
+++ b/modules/standards_control/main.tf 
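Review bot: `standards_control_arn = each.key` hands the child module the map key, which `for_each` builds from `control.name`, so the module receives the control's friendly name instead of the ARN the caller supplied and `var.standards_control_arn` in the child never carries an ARN; it should read `standards_control_arn = each.value.standards_control_arn`. A control can only be toggled once the standard it belongs to is subscribed, and nothing orders the new block after `module "subscriptions"` (whose closing lines are the hunk's leading context), so a first apply that both subscribes a standard and changes one of its controls may race; if that module is what enables the standards here, `depends_on = [module.subscriptions]` on the new block makes the ordering explicit. The `# Manage Control status` comment would also help a reader if it named the mechanism, e.g. `# Manage Control status: enable/disable individual controls within subscribed standards, keyed by control name`. The `module "subscriptions"` block itself starts outside the hunk.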
@@ -0,0 +1,5 @@
+resource "aws_securityhub_standards_control" "this" {
+ standards_control_arn = var.standards_control_arn
+ control_status = var.control_status
+ disabled_reason = var.disabled_reason
+}
diff --git a/modules/standards_control/outputs.tf b/modules/standards_control/outputs.tf
new file mode 100644
index 0000000..67f8119
--- /dev/null
+++ b/modules/standards_control/outputs.tf
@@ -0,0 +1,4 @@
+output "standards_control" {
+ description = "Object containing SecurityHub standards control resource"
+ value = aws_securityhub_standards_control.this
+}
diff --git a/modules/standards_control/variables.tf b/modules/standards_control/variables.tf
new file mode 100644
index 0000000..198a8a1
--- /dev/null
+++ b/modules/standards_control/variables.tf
@@ -0,0 +1,14 @@
+variable "standards_control_arn" {
+ description = "The standards control ARN"
+ type = string
+}
+
+variable "control_status" {
+ description = "Control status enabled or disabled"
+ type = string
+}
+
+variable "disabled_reason" {
+ description = "A description of the reason why you are disabling a security standard control"
+ type = string
+}
diff --git a/modules/standards_control/versions.tf b/modules/standards_control/versions.tf
new file mode 100644
index 0000000..076bf5b
--- /dev/null
+++ b/modules/standards_control/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 0.13"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.64.0"
+ }
+ }
+}
diff --git a/tests/securityhub_same_account/main.tf b/tests/securityhub_same_account/main.tf
index 5f660e4..67a600e 100644
--- a/tests/securityhub_same_account/main.tf
+++ b/tests/securityhub_same_account/main.tf 
@@ -15,6 +15,29 @@ module "securityhub" {
 ]
 }
+module "standards_control" {
+ source = "../../"
+
+ standards_control = [
+ {
+ name = "cis-aws-foundations-benchmark"
+ standards_control_arn = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+ control_status = "ENABLED"
+ disabled_reason = ""
+ },
+ {
+ name = "pci-dss"
+ standards_control_arn = "arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1"
+ control_status = "DISABLED"
+ disabled_reason = "I don't like security"
+ }
+ ]
+}
+
 output "securityhub" {
 value = module.securityhub
 }
+
+output "standards_control" {
+ value = module.standards_control
+}
diff --git a/variables.tf b/variables.tf
index 009ba23..29bd47c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -8,6 +8,17 @@ variable "action_targets" {
 default = []
 }
+variable "standards_control" {
+ description = "List of Security Hub standards to enable or disable in current region."
+ type = list(object({
+ name = string
+ standards_control_arn = string
+ control_status = string
+ disabled_reason = string
+ }))
+ default = []
+}
+
 variable "control_finding_generator" {
 description = "(Optional) Updates whether the calling account has consolidated control findings turned on."
 type = string
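Review bot: The two `standards_control_arn` values in the new fixture appear to be standards ARNs (the `ruleset/…` and `standards/…` forms that `aws_securityhub_standards_subscription` takes) rather than standards control ARNs, which name one control within a standard through a `control/<standard>/v/<version>/<control-id>` path; as written the fixture would not exercise `aws_securityhub_standards_control` against an actual control, so the values should be replaced with real control ARNs from the standards the test subscribes. The `name` field is used only as the `for_each` key in the root module, so two entries sharing a name collide at plan time rather than at AWS; a comment on the fixture such as `# name is the for_each key and must be unique per entry; it is not an AWS identifier` would spare the next reader that surprise. The fixture also passes `disabled_reason = ""` for the ENABLED entry because the object type requires the attribute, which is worth a one-line comment so nobody reads the empty string as a deliberate value.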
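Review bot: `control_status` in the new `standards_control` variable is accepted as any string, so a typo like `"Disabled"` is only rejected by the AWS API at apply time; a `validation` block on the variable can refuse anything but `ENABLED`/`DISABLED` at plan time and can also require a non-empty `disabled_reason` whenever a control is being disabled, since that reason is what Security Hub records against the change. The description says "List of Security Hub standards" but each entry addresses a single control within a standard; `description = "List of Security Hub standards controls to enable or disable in the current region."` would match the object shape. The `length(...) == 0` form below is written to stay within the `>= 0.13` requirement the module declares; the object type also forces callers to supply `disabled_reason` for ENABLED controls, and making it optional would need a newer Terraform than that constraint guarantees, so it is left as is.
```hcl
variable "standards_control" {
  # … unchanged: description, type, default …

  validation {
    condition     = length([for c in var.standards_control : c if !contains(["ENABLED", "DISABLED"], c.control_status)]) == 0
    error_message = "Each standards_control entry must set control_status to ENABLED or DISABLED."
  }

  validation {
    condition     = length([for c in var.standards_control : c if c.control_status == "DISABLED" && c.disabled_reason == ""]) == 0
    error_message = "Each standards_control entry with control_status DISABLED must provide a non-empty disabled_reason."
  }
}
```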