Tuesday, August 11, 2009

Blog: Twenty Critical Controls ("the CAG") Update

Twenty Critical Controls ("the CAG") Update

SANS NewsBites Vol. 11 Num. 63 (August 11, 2009)

(1) V2.1 To Be Released This Week

On Friday of this week Version 2.1 of the 20 Critical Controls for Effective Cyber Defense will be published at the CSIS site. This update reflects input from more than 100 organizations that reviewed the initial draft and contains the mapping of the 20 Critical Controls to revised NIST 800-53 controls requested by NIST.

(2) Search for Effective Automation Tools Begins This release also signals the launch of the search for tools that automate one or more of the controls. The authors have already received seven submissions from vendors that believe their tools provide effective automation for the implementation and continuous monitoring of several controls. The new search will last until August 31. Any user that has automated elements of the 20 Critical Controls and any vendors that have tools that automate those controls, should send submission to cag@sans.org before August 31. Those that are demonstrated to actually work will be posted and may be included in the first National Summit on Planning and Implementing the 20 Critical Controls to be held at the Reagan Center in November. If you are wondering whether your tools meet the needs, you can find a draft at http://www.sans.org/cag/guidelines.php

(3) A 60 minutes webcast on Thursday, August 13, 1PM - 2PM EDT:

"Three Keys To Understanding and Implementing the Twenty Critical Controls for Improved Security in Federal Agencies" with James Tarala and Eric Cole. For free registration, visit

https://www.sans.org/webcasts/show.php?webcastid=92748

No comments:

Blog Archive