Center for Strategic and International Studies (CSIS) Critical Controls for Effective Cyber Defense

CSIS’ Critical Controls for Effective Cyber Defense, commonly referred to as The 20 Critical Controls, is a consensus document outlining 20 crucial controls that form a prioritized baseline of information security measures that can be applied across enterprise environments. These consensus effort has identified 20 specific technical security controls that are viewed as effective in blocking currently known high-priority incidents, as well as those incident types expected in the future. The security guidelines developed by NIST and outline in Special Publication 800-53 provide a very comprehensive set of security controls. The 20 Critical Controls identify a subset of security control activities that can be referenced as tip baseline priority.

csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf

csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/Twenty_Critical_Controls_for_Effective_Cyber_Defense_CAG.pdf