Home / Services / 20 CSC

Contact us

+244 222 746 001
+244 924 228 987
Complexo Horizonte Sul, nÂș 10
Via Talatona
Talatona, Luanda Sul
Contact form

20 CSC

Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. However, most of these efforts have essentially become exercises in reporting on compliance and have actually diverted security program resources from the constantly evolving attacks that must be addressed. In 2008, this was recognized as a serious problem by the U.S. National Security Agency (NSA), and they began an effort that took an "offense must inform defense" approach to prioritizing a list of the controls that would have the greatest impact in improving risk posture against real-world threats. A consortium of U.S. and international agencies quickly grew, and was joined by experts from private industry and around the globe. Ultimately, recommendations for what became the Critical Security Controls (the Controls) were coordinated through the SANS Institute. In 2013, the stewardship and sustainment of the Controls was transferred to the Council on CyberSecurity (the Council), an independent, global non-profit entity committed to a secure and open Internet.

Critical Security Controls - Version 5

  • 1: Inventory of Authorized and Unauthorized Devices
  • 2: Inventory of Authorized and Unauthorized Software
  • 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  • 4: Continuous Vulnerability Assessment and Remediation
  • 5: Malware Defenses
  • 6: Application Software Security
  • 7: Wireless Access Control
  • 8: Data Recovery Capability
  • 9: Security Skills Assessment and Appropriate Training to Fill Gaps
  • 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  • 11: Limitation and Control of Network Ports, Protocols, and Services
  • 12: Controlled Use of Administrative Privileges
  • 13: Boundary Defense
  • 14: Maintenance, Monitoring, and Analysis of Audit Logs
  • 15: Controlled Access Based on the Need to Know
  • 16: Account Monitoring and Control
  • 17: Data Protection
  • 18: Incident Response and Management
  • 19: Secure Network Engineering
  • 20: Penetration Tests and Red Team Exercises