Monday, February 23, 2009

Blog: US Consortium Releases Consensus Security Audit Guidelines [CAG]

SANS NewsBites Vol. 11 Num. 15 (February 23, 2009)

A consortium of security experts from government and industry has released the Consensus Audit Guidelines (CAG), a list of 20 controls that government and private industry organizations must implement to protect against and mitigate the effects of cyber attacks. For each control, the CAG details attacks that it stops or mitigates, how to implement and automate the control, and how to determine whether the control is implemented effectively. The CAG consortium includes the organizations that know how actual attacks are being executed (NSA Red and Blue teams, US-CERT, DC3, DoE Nuclear labs, and more). The CAG is available for public comment through March 23, 2009. The full guidelines may be found at:

http://www.sans.org/cag/

http://www.theregister.co.uk/2009/02/23/cybersecurity_gold_standard/

http://news.cnet.com/8301-1009_3-10169583-83.html?part=rss&subj=news&tag=2547-1009_3-0-20

http://fcw.com/Articles/2009/02/23/cyber-controls.aspx

http://federaltimes.com/index.php?S=3957648

http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=214502467&subSection=News

[Editor's Note (Northcutt): I hope you will take a few minutes out of your busy day and take a look at these. You are going to see some initials to the left of the controls. QW stands for Quick Win. The big suggestion I have is to look over the quick wins and see if you can get a few of those in place. Great job on these and I hope we start to see thought leaders take advantage of this.]
