SANS TOP-20

Enhance Cybersecurity with SANS Critical Security Controls

The SANS Top 20 Critical Security Controls, now known as the CIS Controls (Center for Internet Security Controls), is a set of best practices and guidelines designed to help organizations improve their cybersecurity posture. Originally developed by the SANS Institute in collaboration with cybersecurity experts, the SANS Top 20 Controls were designed to provide organizations with a prioritized and practical approach to securing their information systems. The controls represent a comprehensive set of cybersecurity practices and measures aimed at preventing and mitigating the most common and impactful security threats and vulnerabilities. In 2018, the CIS Controls were updated and renamed to align with evolving security challenges, but the core principles remain the same.

SANS TOP-20 Overview

The SANS Top 20, now the CIS Controls, is a practical set of cybersecurity best practices that help organizations safeguard their systems and data. By following these 18 prioritized controls, organizations can address the most common and severe security risks, improve their defense posture, and align with compliance requirements. The CIS Controls are designed to be actionable, scalable, and effective in mitigating cyber threats.

1. Inventory and Control of Enterprise Assets

  • Maintain an up-to-date inventory of all hardware assets within the organization.
  • Identify and manage devices (including mobile devices, printers, etc.) to ensure only authorized assets are given access to systems.

2. Inventory and Control of Software Assets

  • Maintain an inventory of software applications and systems.
  • Ensure only authorized software is installed and is regularly updated.
  • Implement software inventory and management processes.
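Controls 1 and 2 both come down to the same operation: compare what is actually present against what is authorized, and act on the difference. The following script is an added example (not part of the original page and not a CIS or SANS tool) that reconciles a constructed device scan and a constructed per-host package list against an authorized hardware inventory and a software allowlist with minimum versions. The data, the `Device` type and the function names are all assumptions for illustration.

```python
"""Reconcile discovered hardware and installed software against the
authorized inventory (CIS Controls 1 and 2).

All data below is constructed sample input, not the output of any real
discovery scanner or endpoint agent."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    mac: str
    ip: str
    hostname: str


# Authorized hardware inventory, keyed by MAC address (constructed).
AUTHORIZED_DEVICES = {
    "00:11:22:33:44:01": "ws-finance-01",
    "00:11:22:33:44:02": "ws-hr-01",
    "00:11:22:33:44:03": "printer-2f",
}

# Devices seen on the network by a hypothetical discovery scan (constructed).
DISCOVERED_DEVICES = [
    Device("00:11:22:33:44:01", "10.0.1.10", "ws-finance-01"),
    Device("00:11:22:33:44:03", "10.0.1.50", "printer-2f"),
    Device("de:ad:be:ef:00:01", "10.0.1.99", "unknown-laptop"),
]

# Approved software and the minimum version allowed to remain installed.
SOFTWARE_ALLOWLIST = {
    "openssh": (9, 3),
    "chrome": (120, 0),
    "libreoffice": (7, 6),
}

# Installed packages per host as reported by a hypothetical agent (constructed).
INSTALLED_SOFTWARE = {
    "ws-finance-01": {"openssh": "9.6", "chrome": "118.0", "torrentclient": "3.1"},
    "ws-hr-01": {"openssh": "9.3", "libreoffice": "7.6"},
}


def reconcile_devices(authorized, discovered):
    """Return (unauthorized_hostnames, missing_macs).

    unauthorized: discovered devices whose MAC is not in the inventory,
                  i.e. candidates for network quarantine and investigation.
    missing:      inventoried MACs that were not seen, i.e. stale records
                  or devices that are offline or have been moved.
    """
    seen = {d.mac for d in discovered}
    unauthorized = sorted(d.hostname for d in discovered if d.mac not in authorized)
    missing = sorted(mac for mac in authorized if mac not in seen)
    return unauthorized, missing


def parse_version(text):
    """Turn "9.6" or "120.0.6099" into a tuple of ints that compares correctly
    (string comparison would rank "9.6" above "118.0")."""
    return tuple(int(part) for part in text.split("."))


def reconcile_software(allowlist, installed):
    """Return findings as (kind, host, package) tuples.

    "unauthorized": package not on the allowlist at all.
    "outdated":     allowed package below its minimum permitted version.
    """
    findings = []
    for host, packages in sorted(installed.items()):
        for pkg, version in sorted(packages.items()):
            if pkg not in allowlist:
                findings.append(("unauthorized", host, pkg))
            elif parse_version(version) < allowlist[pkg]:
                findings.append(("outdated", host, pkg))
    return findings


if __name__ == "__main__":
    unauth, missing = reconcile_devices(AUTHORIZED_DEVICES, DISCOVERED_DEVICES)
    print("unauthorized devices:", unauth)
    print("inventoried but not seen:", missing)
    for finding in reconcile_software(SOFTWARE_ALLOWLIST, INSTALLED_SOFTWARE):
        print(*finding)
```

Keying the hardware inventory on MAC rather than hostname matters because an unknown device can present any hostname it likes; version tuples rather than raw strings avoid the classic "9.6 is newer than 118.0" comparison bug in allowlist checks.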

3. Continuous Vulnerability Management

  • Continuously identify, evaluate, and manage vulnerabilities in software and hardware.
  • Regularly apply patches and updates to address vulnerabilities.
  • Implement vulnerability scanning to detect risks early.

4. Controlled Use of Administrative Privileges

  • Implement controls to limit administrative privileges and monitor the use of these privileges.
  • Enforce least privilege, and regularly review and revoke unnecessary admin rights.

5. Secure Configuration for Hardware and Software

  • Establish secure baseline configurations for all hardware and software.
  • Regularly check and validate configurations against security best practices.

6. Maintenance, Monitoring, and Analysis of Audit Logs

  • Collect, maintain, and analyze logs to detect potential security events.
  • Ensure that logs are securely stored and regularly reviewed for suspicious activity.
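"Regularly reviewed for suspicious activity" only works if the review is automated. As an added example (not from the original page and not a CIS or SANS tool), the script below parses constructed OpenSSH-style syslog lines and flags two patterns a log reviewer wants raised: a single source producing many failed logins inside a short window, and a later successful login from that same source. The log lines, threshold and window values are constructed assumptions.

```python
"""Detect password-guessing patterns in SSH audit logs (CIS Control 6).

The log lines below are constructed samples in OpenSSH/syslog style and
are not taken from any real system."""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Mar  4 10:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51012 ssh2
Mar  4 10:00:03 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51013 ssh2
Mar  4 10:00:05 bastion sshd[2201]: Failed password for root from 203.0.113.9 port 51014 ssh2
Mar  4 10:00:06 bastion sshd[2201]: Failed password for root from 203.0.113.9 port 51015 ssh2
Mar  4 10:00:08 bastion sshd[2201]: Failed password for root from 203.0.113.9 port 51016 ssh2
Mar  4 10:00:40 bastion sshd[2230]: Accepted password for deploy from 203.0.113.9 port 51020 ssh2
Mar  4 10:15:00 bastion sshd[2301]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  4 10:15:30 bastion sshd[2302]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

# Matches both "Failed password for invalid user X" and "Accepted publickey for X".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_events(log_text):
    """Return (timestamp, result, user, source_ip) for each recognised line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd messages are skipped, not treated as errors
        # syslog timestamps carry no year; the placeholder year is fine for
        # computing deltas within one log file.
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect(events, threshold=5, window_seconds=60):
    """Return findings as (kind, source_ip, user) tuples.

    "brute_force":            a source reached `threshold` failures within
                              `window_seconds` (user = last name attempted).
    "success_after_failures": a later accepted login from a flagged source,
                              which deserves an analyst's attention.
    """
    findings = []
    recent_failures = defaultdict(list)
    flagged = set()
    for ts, result, user, src in events:
        if result == "Failed":
            window = [t for t in recent_failures[src]
                      if (ts - t).total_seconds() <= window_seconds]
            window.append(ts)
            recent_failures[src] = window
            if len(window) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append(("brute_force", src, user))
        elif result == "Accepted" and src in flagged:
            findings.append(("success_after_failures", src, user))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_LOG)):
        print(*finding)
```

The sliding window is what keeps a single mistyped password (alice, one failure then a key-based login) from being reported, while the bastion source that fails five times and then succeeds is escalated rather than lost among routine "Accepted" lines.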

7. Email and Web Browser Protections

  • Protect against phishing and malicious email and browser-based threats.
  • Implement web filtering and email protection techniques to block malicious links and attachments.

8. Malware Defenses

  • Protect against and detect malicious software through the use of antivirus, anti-malware tools, and behavioral monitoring.

9. Limitation and Control of Network Ports, Services, and Protocols

  • Minimize open ports, services, and protocols to reduce attack surfaces.
  • Regularly assess the network and disable unused ports and services.

10. Data Recovery Capabilities

  • Implement data backup and recovery strategies to ensure business continuity in the event of an incident or disaster.
  • Regularly test data recovery procedures.

11. Secure Configuration for Network Devices

  • Ensure that network devices (e.g., firewalls, routers, switches) are securely configured.
  • Regularly audit and harden network device configurations.

12. Boundary Defense

  • Implement defenses that monitor and control data flowing across organizational boundaries.
  • Use firewalls, intrusion detection/prevention systems (IDS/IPS), and other technologies to safeguard network traffic.

13. Data Protection

  • Protect sensitive data through encryption and other access control measures.
  • Implement controls to secure data both in transit and at rest.

14. Controlled Access Based on Need to Know

  • Implement access controls that limit access to data and systems based on users’ roles and responsibilities.
  • Enforce access policies based on least privilege and job functions.

15. Wireless Access Control

  • Secure wireless networks by using strong encryption, requiring authentication, and limiting access to authorized devices.
  • Regularly assess wireless security settings.

16. Account Monitoring and Control

  • Continuously monitor and control user accounts to prevent unauthorized access.
  • Review account permissions regularly and disable unused accounts.
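Control 4 (revoke unnecessary admin rights) and control 16 (disable unused accounts) are usually handled in the same periodic review. As an added example that is not part of the original page, the script below runs that review over a constructed account export: it flags enabled accounts holding an administrative group membership without being on the approved-admin list, and enabled accounts that have not logged in within the dormancy threshold or have never logged in. The export format, group names, 90-day threshold and review date are assumptions.

```python
"""Periodic account review: unapproved admin rights and dormant accounts
(CIS Controls 4 and 16).

ACCOUNTS is constructed sample data in the shape of a hypothetical directory
export; it is not real data and not the format of any specific product."""
from datetime import date, timedelta

REVIEW_DATE = date(2024, 3, 4)          # constructed review date
DORMANT_AFTER = timedelta(days=90)      # assumed dormancy threshold

# Groups that confer administrative rights, and who is approved to hold them.
ADMIN_GROUPS = {"domain-admins", "backup-operators"}
APPROVED_ADMINS = {"alice", "svc-backup"}

ACCOUNTS = [
    {"user": "alice", "groups": ["staff", "domain-admins"],
     "last_login": date(2024, 3, 1), "enabled": True},
    {"user": "bob", "groups": ["staff", "domain-admins"],
     "last_login": date(2024, 2, 20), "enabled": True},
    {"user": "carol", "groups": ["staff"],
     "last_login": date(2023, 10, 1), "enabled": True},
    {"user": "dave", "groups": ["staff"],
     "last_login": None, "enabled": True},           # created, never used
    {"user": "erin", "groups": ["staff"],
     "last_login": date(2023, 6, 1), "enabled": False},  # already disabled
    {"user": "svc-backup", "groups": ["backup-operators"],
     "last_login": date(2024, 3, 3), "enabled": True},
]


def review_accounts(accounts, admin_groups, approved_admins, today, dormant_after):
    """Return findings as (kind, user, detail) tuples.

    "unapproved_admin": enabled account in an admin group but not on the
                        approved list (detail = the offending groups).
    "dormant":          enabled account with no login inside the threshold
                        (detail = last login date, or "never").
    Disabled accounts are skipped: there is nothing left to revoke.
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        held = sorted(set(acct["groups"]) & admin_groups)
        if held and acct["user"] not in approved_admins:
            findings.append(("unapproved_admin", acct["user"], ",".join(held)))
        last = acct["last_login"]
        if last is None or today - last > dormant_after:
            detail = "never" if last is None else last.isoformat()
            findings.append(("dormant", acct["user"], detail))
    return findings


if __name__ == "__main__":
    for finding in review_accounts(ACCOUNTS, ADMIN_GROUPS, APPROVED_ADMINS,
                                   REVIEW_DATE, DORMANT_AFTER):
        print(*finding)
```

Treating "never logged in" as dormant is deliberate: accounts provisioned but never used are a common leftover that still carries whatever rights were granted at creation.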

17. Security Awareness and Skills Training

  • Provide cybersecurity training to employees and stakeholders to reduce the risk of human error.
  • Ensure that employees are aware of phishing, social engineering, and other common threats.

18. Application Software Security

  • Secure the development and deployment of software applications.
  • Implement secure coding practices, vulnerability testing, and patch management for software.

1. Prioritized

The controls are designed to prioritize actions based on the most common and critical security risks.

2. Actionable

The controls provide specific, actionable steps organizations can take to enhance security.

3. Measurable

Organizations can track their progress in implementing the controls and assess the effectiveness of security measures.

4. Comprehensive

The controls cover a wide range of security domains, including hardware, software, network infrastructure, data protection, and user behavior.

1. Improved Security Posture

The controls help organizations significantly reduce the likelihood of a cyberattack by addressing the most critical security gaps.

2. Regulatory Compliance

Many regulatory frameworks (e.g., HIPAA, PCI-DSS, NIST) align with the CIS Controls, making them useful for achieving compliance.

3. Proactive Threat Mitigation

The controls focus on early detection and prevention of cybersecurity risks, minimizing the damage caused by attacks.

4. Clear Roadmap

The controls provide a clear, actionable framework for organizations to improve their security controls over time.

5. Cost-Effective

Implementing these controls helps organizations protect their assets without requiring large-scale investments in complex tools.

Boost Your Cybersecurity with Proven Controls

Contact Us Today to Implement the SANS Top 20!