What Are the Controls?
The detailed Consensus Audit Guidelines are posted at http://www.sans.org/cag/ along with detailed control descriptions, examples of attacks they stop or mitigate, how to automate them, and how to test them. Below is the list of control names:

Critical Controls Subject to Automated Measurement and Validation:

1. Inventory of Authorized and Unauthorized Hardware
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software for Which Such Configurations Are Available
4. Secure Configurations of Network Devices Such as Firewalls and Routers
5. Boundary Defense
6. Maintenance and Analysis of Complete Security Audit Logs
7. Application Software Security
8. Controlled Use of Administrative Privileges
9. Controlled Access Based On Need to Know
10. Continuous Vulnerability Testing and Remediation
11. Dormant Account Monitoring and Control
12. Anti-Malware Defenses
13. Limitation and Control of Ports, Protocols and Services
14. Wireless Device Control
15. Data Leakage Protection

Additional Critical Controls (not directly supported by automated measurement and validation):

16. Secure Network Engineering
17. Red Team Exercises
18. Incident Response Capability
19. Assured Data Back-Ups
20. Security Skills Assessment and Training to Fill Gaps

http://sec.chinabyte.com/465/12310465.shtml

http://www.sans.org/critical-security-controls/

SANS top 20的更多相关文章

  1. Top 20 Java Libries Used by Github's Most Popular Java Projects

    Top 20 Java Libries Used by Github's Most Popular Java Projects:

  2. Top 20 NuGet packages for captcha

    Top 20 NuGet packages for captcha CaptchaMvc.Mvc4 CaptchaMvc will implement your web MVC application ...

  3. 机器学习 Top 20 Python 开源项目

    转自:http://mp.weixin.qq.com/s?__biz=MzA4MjEyNTA5Mw==&mid=2652565022&idx=1&sn=9aa035097120 ...

  4. 2015 年开源前端框架盘点 TOP 20

    1.名称:Bootstrap 类别/语言:HTML.CSS.JavaScript 创建者: Twitter 人气:在Github上有91007 stars 描述:主流框架中毋庸置疑的老大,Bootst ...

  5. Top 20 JavaScript Projects of 2017

    https://www.youtube.com/watch?v=SUMn8y3pi28 20. AngularJS 1 19. Passport 18. Pug 17. Socket.IO 16. J ...

  6. 使用Scala开发Apache Kafka的TOP 20大好用实践

    本文作者是一位软件工程师,他对20位开发人员和数据科学家使用Apache Kafka的方式进行了最大限度得深入研究,最终将生产实践环节需要注意的问题总结为本文所列的20条建议. Apache Kafk ...

  7. 【译】快速高效学习Java编程在线资源Top 20

    想要加强你的编程能力吗?想要提升你的 Java 编程技巧和效率吗? 不用担心.本文将会提供快速高效学习 Java 编程的 50 多个网站资源: 开始探索吧: 1.MKyong:许多开发者在这里可以找到 ...

  8. 值得收藏--GitHub Top 20 开源项目

    参考链接:https://github.com/Aufree/trip-to-iOS/blob/master/Top-100.md 项目名称                            项目 ...

  9. Top 20 IoT Platforms in 2018

    https://internetofthingswiki.com/top-20-iot-platforms/634/ After learning what is the internet of th ...

随机推荐

  1. Html中src、href的相对路径与绝对路径

    What is a path? Why is this something developers should care about? A path is simply the location of ...

  2. 小菜学习Lucene.Net(更新3.0.3版本使用)

    花了两天的时间研究了下Lucene.Net 发现确实挺好玩.... 最新版本是3.0.3 (最后更新时间2012-10) 可惜3.0.3版本的Lucene.net无法和盘古分词 (最新版为2.3.1. ...

  3. Atitit.hibernate体系结构大总结

    Atitit.hibernate体系结构大总结 1. 4.1 hibernate基础语义 80  4.1.1 configuration 80  4.1.2 sessionfactory 81  4. ...

  4. 重启adb服务

    通过命令提示符的方式来重启ADB服务的步骤如下: 1.输入adb kill-server并按下Enter键. 2.输入adb start-server并按下Enter键. 这样将会顺利地关闭ADB服务 ...

  5. MYSQL 体系结构图 log commit

  6. DTD简单使用

    DTD:Document Type Definition DTD是一种简单的XML约束模式语言 DTD文档必须以utf-8或unicode编码 注释方式与HTML.XML文档相同 DTD文档的引用:紧 ...

  7. Android开发手记(16) 数据存储一 SharedPreferences

    Android为数据存储提供了五种方式: 1.SharedPreferences 2.文件存储 3.SQLite数据库 4.ContentProvider 5.网络存储 SharedPreferenc ...

  8. this,super关键字的使用

    this关键字 1.this是对象的别名,是当前类的实例引用 2.在类的成员方法内部使用,代替当前类的实例.在Java中,本质上是指针,相当于C++中的指针概念.如果方法中的成员在调用前没有操作实例名 ...

  9. xmlns:android="http://schemas.android.com/apk/res/android" 是什么意思?

    声明xml命名空间.xmlns意思为“xml namespace”.冒号后面是给这个引用起的别名.schemas是xml文档的两种约束文件其中的一种,规定了xml中有哪些元素(标签).元素有哪些属性及 ...

  10. 删除重复记录的SQL语句

    1.所有字段均重复的记录(重复记录保留一条) Select distinct * into #Tmp from tblName Drop table tblName Select * into tbl ...