“A Complete Revolution in Federal Cybersecurity”

This blog has previously discussed the CSIS Commission report on cybersecurity, and the one of the next steps towards federal cybersecurity was announced yesterday. A consortium of US federal agencies has drawn up a list of critical security controls they hope will serve as a gold standard for cybersecurity. The Consensus Audit Guidelines (CAG) list is part of larger plans to apply the CSIS Commission report on cybersecurity as a blueprint for making information security systems more secure.

The CAG project began last year in response to data losses in the US defense industry. Participants include the National Security Agency, the Department of Homeland Security, US-CERT, the Department of Defense, the US Department of Energy Los Alamos National Lab, and many others. Mitre Corporation, and the SANS Institute, are also involved.

“I do not know of anything going on in security that will have the impact this one can have,” Alan Paller, director of research at the SANS Institute told El Reg. “It’s a complete revolution in federal cybersecurity, and business security as well. In the past cybersecurity was driven by people who had no clue of how the attacks are carried out. They created an illusion of security. The CAG will turn that illusion to reality.”

The CAG’s Critical Security Controls:

1. Hardware audit.

2. Inventory of authorized and unauthorized software.

3. Secure configurations for computers and servers

4. Secure configurations of network kits such as firewalls and routers.

5. Boundary defense

6. Maintenance of audit logs

7. Application software security

8. Application of administrative privileges

9. Access controls based on need to know

10. Continuous vulnerability testing and remediation

11. Dormant account monitoring and control

12. Anti-malware defenses

13. Limitation and control of ports, protocols and services

14. Wireless device control

15. Data leak protection

16. Secure network engineering

17. Red team exercises

18. Incident response capability

19. Data recovery

20. Security Skills Assessment and Training

To read more about this HUGE announcement, check out more information at http://www.sans.org/cag/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Please Share This Share this content

You Might Also Like

Microsoft offers $250,000 reward

Company Wants to Keep Botmaster Criminal as SysAdmin After Time Served

DNS Servers under Attack

Share this content