By John Leyden
23rd February 2009
A consortium of US federal agencies have drawn up a list of critical
security controls they hope will serve as a gold standard for

The Consensus Audit Guidelines (CAG) list is part of larger plans to
apply the CSIS Commission report on cybersecurity as a blueprint for
making information security systems more secure. A public consultation
on the scheme, launched on Monday, is due to run through 23 March. After
that point federal security agencies will road-test the scheme.

Information security specialists at federal agencies pooled their
knowledge on current attack techniques and countermeasures to draw up a
list of 20 key actions, termed security controls, that organisations
need to take to defend against assault. The first 15 controls on the
draft list lend themselves to automation, while the remaining five have
more to do with broader security policy and personnel issues.

Although these controls were drawn up by federal agencies, they might be
applied across diverse industry sectors, from retailing to banks,
defense contractors and government agencies.