What Are the Controls?
The detailed Consensus Audit Guidelines are posted at http://www.sans.org/cag/ along with detailed control descriptions, examples of attacks they stop or mitigate, how to automate them, and how to test them. Below is the list of control names:

Critical Controls Subject to Automated Measurement and Validation:

1. Inventory of Authorized and Unauthorized Hardware
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software for Which Such Configurations Are Available
4. Secure Configurations of Network Devices Such as Firewalls and Routers
5. Boundary Defense
6. Maintenance and Analysis of Complete Security Audit Logs
7. Application Software Security
8. Controlled Use of Administrative Privileges
9. Controlled Access Based On Need to Know
10. Continuous Vulnerability Testing and Remediation
11. Dormant Account Monitoring and Control
12. Anti-Malware Defenses
13. Limitation and Control of Ports, Protocols and Services
14. Wireless Device Control
15. Data Leakage Protection

Additional Critical Controls (not directly supported by automated measurement and validation):

16. Secure Network Engineering
17. Red Team Exercises
18. Incident Response Capability
19. Assured Data Back-Ups
20. Security Skills Assessment and Training to Fill Gaps

http://sec.chinabyte.com/465/12310465.shtml

http://www.sans.org/critical-security-controls/

SANS top 20的更多相关文章

  1. Top 20 Java Libries Used by Github's Most Popular Java Projects

    Top 20 Java Libries Used by Github's Most Popular Java Projects:

  2. Top 20 NuGet packages for captcha

    Top 20 NuGet packages for captcha CaptchaMvc.Mvc4 CaptchaMvc will implement your web MVC application ...

  3. 机器学习 Top 20 Python 开源项目

    转自:http://mp.weixin.qq.com/s?__biz=MzA4MjEyNTA5Mw==&mid=2652565022&idx=1&sn=9aa035097120 ...

  4. 2015 年开源前端框架盘点 TOP 20

    1.名称:Bootstrap 类别/语言:HTML.CSS.JavaScript 创建者: Twitter 人气:在Github上有91007 stars 描述:主流框架中毋庸置疑的老大,Bootst ...

  5. Top 20 JavaScript Projects of 2017

    https://www.youtube.com/watch?v=SUMn8y3pi28 20. AngularJS 1 19. Passport 18. Pug 17. Socket.IO 16. J ...

  6. 使用Scala开发Apache Kafka的TOP 20大好用实践

    本文作者是一位软件工程师,他对20位开发人员和数据科学家使用Apache Kafka的方式进行了最大限度得深入研究,最终将生产实践环节需要注意的问题总结为本文所列的20条建议. Apache Kafk ...

  7. 【译】快速高效学习Java编程在线资源Top 20

    想要加强你的编程能力吗?想要提升你的 Java 编程技巧和效率吗? 不用担心.本文将会提供快速高效学习 Java 编程的 50 多个网站资源: 开始探索吧: 1.MKyong:许多开发者在这里可以找到 ...

  8. 值得收藏--GitHub Top 20 开源项目

    参考链接:https://github.com/Aufree/trip-to-iOS/blob/master/Top-100.md 项目名称                            项目 ...

  9. Top 20 IoT Platforms in 2018

    https://internetofthingswiki.com/top-20-iot-platforms/634/ After learning what is the internet of th ...

随机推荐

  1. vue-cli 中 使用vue-resource 输出后台数据

    阅读此文前,请了解vue-cli 组件如何使用  http://www.cnblogs.com/pearl07/p/6252116.html 1,mock(模拟)后台数据(新建data.Json文件) ...

  2. jQuery常用事件详解

    window.onload:在浏览器加载web页面时触发,可以写多次onload事件,但后者覆盖前者 ready:在浏览器加载web页面时触发,可以写多次ready事件,不会后者覆盖前者,依次从上向下 ...

  3. 谈论C++当然结果

    C++编程课程的考试已经结束.这是第一次OJCBT.摸着石头过河,考试没有给学生理解的说法.现在尘埃落定.一些交代. 先说大的成就的治疗原则.事实上,有很多的纠结. 按理说,合格的太,无法挂.但实际情 ...

  4. String.Split()函数

    我们在上次学习到了 String.Join函数(http://blog.csdn.net/zhvsby/archive/2008/11/28/3404704.aspx),当中用到了String.SPl ...

  5. C++类中静态变量

    以下是对类中static变量的一点解说    ===============================================    静态数据成员的用法和注意事项例如以下:       ...

  6. jq實現網頁個性title

    <!DOCTYPE html> <html content="text/html; charset=UTF-8"> <title>tooltip ...

  7. Asp.net 主题 【2】

    通常我们经常看到网页,一些软件提供换肤功能,各种主题间切换.ASP.NET 2.0 中可以用Theme和skin以及CSS轻松实现这个功能. 首先简单介绍一下三种技术:主题(Theme)技术,面板(s ...

  8. 关于SVD(Singular Value Decomposition)的那些事儿

    SVD简介 SVD不仅是一个数学问题,在机器学习领域,有相当多的应用与奇异值都可以扯上关系,比如做feature reduction的PCA,做数据压缩(以图像压缩为代表)的算法,还有做搜索引擎语义层 ...

  9. hibernate_validator_08

    内置的约束条件 Hibernate Validator包含了一些基本的使用比较广的约束,下面是一些Hibernate Validator给出的最常用的约束.另外Hibernate Validator还 ...

  10. Hibernate 一对多双向关联Demo

    以Classes[班级]和Student[学生]为例的Demo //Classes.java public class Classes implements Serializable { privat ...