The IT Law Wiki

Critical Controls

Overview

The goal of the Critical Controls is to protect critical assets, infrastructure, and information by strengthening your organization's defensive posture through continuous, automated protection and monitoring of your sensitive information technology infrastructure. This is intended to reduce compromises, minimize the need for recovery efforts, and lower associated costs.

The Critical Controls encompass and amplify efforts over the last decade to develop security standards, including the Security Content Automation Protocol (SCAP) sponsored by the National Institute of Standards and Technology (NIST) and the Associated Manageable Network Plan Milestones and Network Security Tasks developed by the National Security Agency (NSA).

In particular, NSA's work allowed for prioritizing the controls based on whether they address operational conditions being actively targeted and exploited, combat a large number of attacks, block attacks early in the compromise cycle, and deal with an expected high impact of successful exploitation. The Controls focus on automation to provide cost efficiency, measurable results, scalability, and reliability.

The five critical tenets of an effective cyber defense system as reflected in the Critical Controls are:

Source
