diff --git a/pytm/pytm.py b/pytm/pytm.py
index a711687..9684af9 100644
--- a/pytm/pytm.py
+++ b/pytm/pytm.py
@@ -261,11 +261,17 @@ def __str__(self):
 
 class varControls(var):
     def __set__(self, instance, value):
-        if not isinstance(value, Controls):
+        if isinstance(value, dict):
+            for i in value:
+                Controls()._safeset(i, value[i])
+
+        elif isinstance(value, Controls):
+            super().__set__(instance, value)
+
+        elif not isinstance(value, Controls):
             raise ValueError(
                 f"expecting an Controls value, got a {type(value)}"
             )
-        super().__set__(instance, value)
 
 
 class varAssumptions(var):
diff --git a/tests/input.json b/tests/input.json
index 0cdcff8..0ba88ff 100644
--- a/tests/input.json
+++ b/tests/input.json
@@ -5,7 +5,52 @@
   "onDuplicates": "IGNORE",
   "boundaries": [
     {
-      "name": "Internet"
+      "name": "Internet",
+      "controls": {
+        "authenticatesDestination": false,
+        "authenticatesSource": false,
+        "authenticationScheme": "",
+        "authorizesSource": false,
+        "checksDestinationRevocation": false,
+        "checksInputBounds": false,
+        "definesConnectionTimeout": false,
+        "disablesDTD": false,
+        "disablesiFrames": false,
+        "encodesHeaders": false,
+        "encodesOutput": false,
+        "encryptsCookies": false,
+        "encryptsSessionData": false,
+        "handlesCrashes": false,
+        "handlesInterruptions": false,
+        "handlesResourceConsumption": false,
+        "hasAccessControl": false,
+        "implementsAuthenticationScheme": false,
+        "implementsCSRFToken": false,
+        "implementsNonce": false,
+        "implementsPOLP": false,
+        "implementsServerSideValidation": false,
+        "implementsStrictHTTPValidation": false,
+        "invokesScriptFilters": false,
+        "isEncrypted": false,
+        "isEncryptedAtRest": false,
+        "isHardened": false,
+        "isResilient": false,
+        "providesConfidentiality": false,
+        "providesIntegrity": false,
+        "sanitizesInput": false,
+        "tracksExecutionFlow": false,
+        "usesCodeSigning": false,
+        "usesEncryptionAlgorithm": "",
+        "usesMFA": false,
+        "usesParameterizedInput": false,
+        "usesSecureFunctions": false,
+        "usesStrongSessionIdentifiers": false,
+        "usesVPN": false,
+        "validatesContentType": false,
+        "validatesHeaders": false,
+        "validatesInput": false,
+        "verifySessionIdentifiers": false
+        }
     },
     {
       "name": "Server/DB"