The Twenty (20) Critical Security Controls for Cyber Defense – also known as the Consensus Audit Guidelines (CAG) are a culmination of exhaustive research and development of information security initiatives that advocate a “offense must inform defense approach”, as noted by the SANS institute. Additionally, unlike many other benchmarks, standards, and frameworks – many which are directed at regulatory compliance provisions, the Twenty (20) Critical Security Controls represents essential safeguards and best practices for ultimately ensuring the confidentiality, integrity, and availability (CIA) of an organization’s critical systems resources.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
The framework – which included input from literally dozens of agencies, think tanks, and other leading organizations – consists of the following:
- Critical Control 1: Inventory of Authorized and Unauthorized Devices
- Critical Control 2: Inventory of Authorized and Unauthorized Software
- Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Critical Control 4: Continuous Vulnerability Assessment and Remediation
- Critical Control 5: Malware Defenses
- Critical Control 6: Application Software Security
- Critical Control 7: Wireless Device Control
- Critical Control 8: Data Recovery Capability
- Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps
- Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services
- Critical Control 12: Controlled Use of Administrative Privileges
- Critical Control 13: Boundary Defense
- Critical Control 14: Maintenance, Monitoring, and Analysis of Audit Logs
- Critical Control 15: Controlled Access Based on the Need to Know
- Critical Control 16: Account Monitoring and Control
- Critical Control 17: Data Loss Prevention
- Critical Control 18: Incident Response and Management
- Critical Control 19: Secure Network Engineering
- Critical Control 20: Penetration Tests and Red Team Exercises
Security Policies | Essential for CSC Compliance | Download Today
Immediately, it become apparent that the majority of the aforementioned twenty (20) Critical Security Controls will need well-documented, comprehensive information security policies and procedures for meeting the stated requirements. The solution is the Global Information Security Compliance Packet (GISCP) set of operational, business specific, and information security policies, procedures, forms, checklists, templates, provisioning and hardening documents – and more – from Flat Iron Technologies, LLC.
Available for immediate download, the GISCP set of documentation includes literally hundreds of top-quality, professionally developed material.