The Center for Internet Security: Open Call for Critical Security Controls Feedback

The Center for Internet Security has published a draft of its next Critical Security Controls release and is looking for your feedback to improve.

The Center for Internet Security has published a draft version of the updated Critical Security Controls document. The document provides a set of specific and prioritized actions that align with the NIST Cybersecurity Framework and other important security frameworks. The new version reflects the Center for Internet Security’s principles of “Offense informs defense” and prioritization (invest first in controls that are feasible to implement in your computing environment and that offer the greatest reduction in risk).

The Center is asking for public feedback on this document by July 31. The updated draft was driven by feedback from a wide variety of users of the Critical Security Controls, and it will benefit from your input as IT security practitioners.

As noted at the Center site, key updates in the new draft include:

  • Re-prioritization of some controls based on threat evolution
  • Restructuring of controls and merging of some items for simplification
  • Additional aids for planning and implementation
  • Better alignment with other frameworks

Even if you do not intend to send comments, the draft version is well worth reading to inform your assessment of your own security operations.

The current published version (5.1) is also a good read. In keeping with the tenet of prioritization, it offers “‘First Five Quick Wins’: sub-controls that have the most immediate impact on preventing attacks.” The controls are:

  1. Application whitelisting
  2. Use of standard, secure system configurations
  3. Patch application software within 48 hours
  4. Patch system software within 48 hours
  5. Reduce the number of users with administrative privileges

How many of these controls have you implemented in your environment?
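One way to answer that question with data rather than a guess is to measure the quick wins that are measurable. The following is an added example (not code from the article, CIS, or Digital Guardian) that scores a small constructed inventory against three of the five: the 48-hour patch window for application and system software, the number of accounts holding administrative privileges, and application whitelisting expressed as a hash allowlist. All hosts, packages, accounts, digests and the `max_admins` threshold are constructed assumptions; the 48-hour window is the one the controls state.

```python
"""Added example: score a constructed inventory against three of the CIS
'First Five Quick Wins'. All data below is constructed for illustration."""
from datetime import datetime, timedelta

SLA = timedelta(hours=48)  # the 48-hour patch window named in the Quick Wins

# Constructed patch records: (host, package, kind, released, applied-or-None)
PATCH_RECORDS = [
    ("web01", "openssl", "system", datetime(2015, 6, 1, 9, 0), datetime(2015, 6, 2, 8, 0)),
    ("web01", "tomcat", "application", datetime(2015, 6, 1, 9, 0), datetime(2015, 6, 4, 10, 0)),
    ("db01", "kernel", "system", datetime(2015, 6, 3, 12, 0), None),
    ("db01", "postgresql", "application", datetime(2015, 6, 5, 12, 0), None),
]
NOW = datetime(2015, 6, 6, 12, 0)  # constructed "current time" for the audit run

# Constructed account list: (username, set of group memberships)
ACCOUNTS = [
    ("alice", {"wheel", "staff"}),
    ("bob", {"staff"}),
    ("carol", {"sudo"}),
    ("dave", {"staff"}),
    ("svc-backup", {"wheel"}),
]
# Groups treated as administrative (assumption; adjust to the local platform)
ADMIN_GROUPS = {"wheel", "sudo", "Administrators"}

# Constructed allowlist and execution log; digests are placeholders, not real binaries
ALLOWLIST = {"sha256:constructed-0001", "sha256:constructed-0002"}
EXECUTIONS = [
    ("web01", "/usr/bin/python", "sha256:constructed-0001"),
    ("web01", "/tmp/updater", "sha256:constructed-0009"),
    ("db01", "/usr/bin/psql", "sha256:constructed-0002"),
]


def patch_findings(records, now=NOW, sla=SLA):
    """Return (host, package, kind, hours_exposed) for each patch that missed the SLA.
    A patch that is still unapplied counts as exposed from release until `now`, so
    an open window is reported as soon as it exceeds the SLA rather than only
    after the patch is finally applied."""
    findings = []
    for host, package, kind, released, applied in records:
        exposure = (applied or now) - released
        if exposure > sla:
            findings.append((host, package, kind, exposure.total_seconds() / 3600))
    return findings


def admin_accounts(accounts, admin_groups=ADMIN_GROUPS):
    """Sorted usernames that belong to at least one administrative group."""
    return sorted(user for user, groups in accounts if groups & admin_groups)


def unallowlisted(executions, allowlist=ALLOWLIST):
    """(host, path) pairs whose digest is not on the application allowlist."""
    return [(host, path) for host, path, digest in executions if digest not in allowlist]


def quick_wins_report(max_admins=2):
    """Summarise the three measurable Quick Wins; max_admins is a local policy choice."""
    admins = admin_accounts(ACCOUNTS)
    return {
        "patch_sla_misses": len(patch_findings(PATCH_RECORDS)),
        "admin_accounts": len(admins),
        "admin_count_ok": len(admins) <= max_admins,
        "unallowlisted_executions": len(unallowlisted(EXECUTIONS)),
    }


if __name__ == "__main__":
    for finding in patch_findings(PATCH_RECORDS):
        print("patch SLA miss:", finding)
    print("admin accounts:", admin_accounts(ACCOUNTS))
    print("unallowlisted executions:", unallowlisted(EXECUTIONS))
    print(quick_wins_report())
```

Treating an unapplied patch as exposed up to the audit time is the design choice that matters here: a report that only scores patches after they are applied never shows the hosts that are currently past the 48-hour window, which is exactly the population the control is meant to shrink. Replace the constructed lists with exports from your patch-management, directory and application-control tooling to run it against a real environment.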

Harriet Cohen

Harriet Cohen is a senior product manager at Digital Guardian where she works in the Office of the CTO to turn innovative ideas for enhanced threat protection into product reality. Harriet has over ten years of experience in the security arena, encompassing both data protection and identity and access management.