Critical Security Controls guidance
The Critical Security Controls for cyber defence are a baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence. CPNI is participating in an international government-industry effort to promote the Critical Security Controls for computer and network security. The development of these controls is being coordinated by the Council on CyberSecurity website.
The 20 controls (and sub-controls) focus on various technical measures and activities, with the primary goal of helping organisations prioritise their efforts to defend against the current most common and damaging computer and network attacks. Outside of the technical realm, a comprehensive security program should also take into account many other areas of security, including overall policy, organisational structure, personnel issues and physical security. To help maintain focus, the 20 controls do not deal with these important but non-technical aspects of information security.
The 20 controls and supporting advice are dynamic in order that they recognise changing technology and methods of attack. All 20 controls, together with a brief description, are given on this site.
Content on the CPNI pages refers to version 3.1 of the controls, released in October 2011. Please note that version 4.1 of the controls has now been published and can be found on the Council on CyberSecurity website. When auditing systems against the controls or implementing the controls, the latest version of the Consensus Audit Guidelines must be used. Currently this is version 4.
This text is normally replaced by the Flash content. Please update your flash player here: flash player update