What Are the Controls?
The detailed Consensus Audit Guidelines are posted at http://www.sans.org/cag/ along with detailed control descriptions, examples of attacks they stop or mitigate, how to automate them, and how to test them. Below is the list of control names:

Critical Controls Subject to Automated Measurement and Validation:

1. Inventory of Authorized and Unauthorized Hardware
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software for Which Such Configurations Are Available
4. Secure Configurations of Network Devices Such as Firewalls and Routers
5. Boundary Defense
6. Maintenance and Analysis of Complete Security Audit Logs
7. Application Software Security
8. Controlled Use of Administrative Privileges
9. Controlled Access Based On Need to Know
10. Continuous Vulnerability Testing and Remediation
11. Dormant Account Monitoring and Control
12. Anti-Malware Defenses
13. Limitation and Control of Ports, Protocols and Services
14. Wireless Device Control
15. Data Leakage Protection

Additional Critical Controls (not directly supported by automated measurement and validation):

16. Secure Network Engineering
17. Red Team Exercises
18. Incident Response Capability
19. Assured Data Back-Ups
20. Security Skills Assessment and Training to Fill Gaps

http://sec.chinabyte.com/465/12310465.shtml

http://www.sans.org/critical-security-controls/

SANS top 20的更多相关文章

  1. Top 20 Java Libries Used by Github's Most Popular Java Projects

    Top 20 Java Libries Used by Github's Most Popular Java Projects:

  2. Top 20 NuGet packages for captcha

    Top 20 NuGet packages for captcha CaptchaMvc.Mvc4 CaptchaMvc will implement your web MVC application ...

  3. 机器学习 Top 20 Python 开源项目

    转自:http://mp.weixin.qq.com/s?__biz=MzA4MjEyNTA5Mw==&mid=2652565022&idx=1&sn=9aa035097120 ...

  4. 2015 年开源前端框架盘点 TOP 20

    1.名称:Bootstrap 类别/语言:HTML.CSS.JavaScript 创建者: Twitter 人气:在Github上有91007 stars 描述:主流框架中毋庸置疑的老大,Bootst ...

  5. Top 20 JavaScript Projects of 2017

    https://www.youtube.com/watch?v=SUMn8y3pi28 20. AngularJS 1 19. Passport 18. Pug 17. Socket.IO 16. J ...

  6. 使用Scala开发Apache Kafka的TOP 20大好用实践

    本文作者是一位软件工程师,他对20位开发人员和数据科学家使用Apache Kafka的方式进行了最大限度得深入研究,最终将生产实践环节需要注意的问题总结为本文所列的20条建议. Apache Kafk ...

  7. 【译】快速高效学习Java编程在线资源Top 20

    想要加强你的编程能力吗?想要提升你的 Java 编程技巧和效率吗? 不用担心.本文将会提供快速高效学习 Java 编程的 50 多个网站资源: 开始探索吧: 1.MKyong:许多开发者在这里可以找到 ...

  8. 值得收藏--GitHub Top 20 开源项目

    参考链接:https://github.com/Aufree/trip-to-iOS/blob/master/Top-100.md 项目名称                            项目 ...

  9. Top 20 IoT Platforms in 2018

    https://internetofthingswiki.com/top-20-iot-platforms/634/ After learning what is the internet of th ...

随机推荐

  1. Python爬虫获取迅雷会员帐号

    代码如下: import re import urllib.request import urllib import time from collections import deque head = ...

  2. MongoDB 聚合

    聚合操作过程中的数据记录和计算结果返回.聚合操作分组值从多个文档,并可以执行各种操作,分组数据返回单个结果.在SQL COUNT(*)和group by 相当于MongoDB的聚集. aggregat ...

  3. hdu 4602 Partition (概率方法)

    Partition Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others) Total ...

  4. U磁盘检测和大量收集量产工具

    1.ChipGenius ChipGenius是一款USB设备芯片型号检測工具,能够自己主动查询U盘.MP3/MP4.读卡器.移动硬盘等一切USB设备的主控芯片型号.制造商.品牌.并提供相关资料下载地 ...

  5. PHP数据结构预热:PHP的迭代器(转)

    迭代器有时又称光标(cursor)是程式设计的软件设计模式,可在容器物件(container,例如list或vector)上遍访的接口,设计人员无需关心容器物件的内容. 各种语言实作Iterator的 ...

  6. 数据的存储-NSKeyedArchiver和write to file介绍

    数据的存储-NSKeyedArchiver和write to file介绍 首先介绍各个文件的作用-->讲解文件位置的查找方法-->介绍数据存储的方式:1.使用归档方式存储数据 2.wri ...

  7. C#解leetcode 238. Product of Array Except Self

    Given an array of n integers where n > 1, nums, return an array output such that output[i] is equ ...

  8. Filter过滤器实现同一地址手机和电脑页面不同

    最近做一个网站,客户要求在访问主域名的时候实现电脑访问时展示电脑页面,手机访问时展示h5的手机页面,这种需求的使用还是比较多的:尤其网站需要百度推广的时候,百度推广就要求同一域名下,手机访问时展示手机 ...

  9. ASP.NET5 静态文件

    静态文件,包括HTML文件,CSS文件,图像文件和JavaScript文件,它是一个应用里所包含的资源. 1. 提供静态文件 默认的,静态文件存储在你的webroot目录下面,webroot的路径定义 ...

  10. knockoutjs关键点

    <p>Your value: <input data-bind="value: someValue, valueUpdate: 'afterkeydown'"/& ...