[Cisspstudy] Consensus Audit Guidelines Draft 1.0 on SANS
Prakash
prakash2757 at yahoo.com
Wed Feb 25 04:36:46 EST 2009
Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance
* Consensus Audit Guidelines - Introduction (Draft 1.0)
* Critical Control 1: Inventory of authorized and unauthorized hardware.
* Critical Control 2: Inventory of authorized and unauthorized software; enforcement of white lists of authorized software.
* Critical Control 3: Secure configurations for hardware and software on laptops, workstations, and servers.
* Critical Control 4: Secure configurations of network devices such as firewalls, routers, and switches.
* Critical Control 5: Boundary Defense
* Critical Control 6: Maintenance, Monitoring and Analysis of Complete Audit Logs
* Critical Control 7: Application Software Security
* Critical Control 8: Controlled Use of Administrative Privileges
* Critical Control 9: Controlled Access Based On Need to Know
* Critical Control 10: Continuous Vulnerability Testing and Remediation
* Critical Control 11: Dormant Account Monitoring and Control
* Critical Control 12: Anti-Malware Defenses
* Critical Control 13: Limitation and Control of Ports, Protocols and Services
* Critical Control 14: Wireless Device Control
* Critical Control 15: Data Leakage Protection
* Critical Control 16: Secure Network Engineering
* Critical Control 17: Red Team Exercises
* Critical Control 18: Incident Response Capability
* Critical Control 19: Data Recovery Capability
* Critical Control 20: Security Skills Assessment and Appropriate Training To Fill Gaps
You can review each control in detail here.
http://www.sans.org/cag/
** You may get multiple copies of this mail if you have subscribed to different security groups.
Hope the security community finds this useful.