US Federal Government Cybersecurity Experts List Top 20 Most Critical Security Controls – Whitelisting, Encryption, Data Leak Prevention, Anti-Malware

A consortium of federal agencies has released the first version of the Consensus Audit Guidelines that define the most critical cyber-security controls to protect federal and contractor information and systems.

The SANS website lists the 20 top items.

Whitelisting of authorized and unauthorized hardware and software is a key component of the list.

Anti-Malware defenses make the list, as does data leakage protection.

Section 7 of the Data Leak Prevention section calls out for automatic encryption of removable storage (such as USB flash drives) and portable storage (eg. laptops).

There is a public commentary period until March 23, 2009. I plan to provide some commentary regarding data encryption.

Agencies who were involved in the creation of this list of security controls include:

• US National Security Agency Red Team and Blue Team
• US Department of Homeland Security, US-CERT
• US DoD Computer Network Defense Architecture Group
• US DoD Joint Task Force – Global Network Operations (JTF-GNO)
• US DoD Defense Cyber Crime Center (DC3)
• US Department of Energy Los Alamos National Lab, and three other
National Labs.
• US Department of State, Office of the CISO
• US Air Force
• US Army Research Laboratory
• US Department of Transportation, Office of the CIO
• US Department of Health and Human Services, Office of the CISO
• US Government Accountability Office (GAO)
• MITRE Corporation
• The SANS Institute
• Plus Commercial penetration testing and forensics experts at InGuardians and Mandiant

One Response to “US Federal Government Cybersecurity Experts List Top 20 Most Critical Security Controls – Whitelisting, Encryption, Data Leak Prevention, Anti-Malware”

  1. US Federal Government Cybersecurity Experts List Top 20 Most … | Identity Theft Articles Says:

    [...] here to see the original: US Federal Government Cybersecurity Experts List Top 20 Most …SHARETHIS.addEntry({ title: “US Federal Government Cybersecurity Experts List Top 20 Most …”, [...]

Leave a Reply