A consortium of US federal agencies have drawn up a list of critical security controls they hope will serve as a gold standard for cybersecurity. The Consensus Audit Guidelines (CAG) list is part of larger plans to apply the CSIS Commission report on cybersecurity as a blueprint for making information security systems more …
But what if an idea is proposed that is better suited as a *proactive* defense against attack vectors as yet unknown?
Just another security checklist
All very worthy, but doesn't mean a thing without a management system to ensure that the parameters chosen (eg for "control of ports, protocols and services") are aligned with the needs of the organisation and (equally important) stay aligned as the needs evolve. It's a pity no-one in the US seems to have heard of ISO 27001 - oh I forgot, it's Not Invented Here.
Look out for those "Ant-viruses". They're deadly!
"Feds forge gold standard for cybersecurity"
Right. Hands up anyone who, like me, thought this was going to be an article about the Government being caught falsifying their security reports / SOX compliance?
"The list resembles the guideline drawn up by the credit card industry for adherence to the PCI DSS"
Then it's shite and needs to be thrown out.
Seriously. If you've ever been involved in making a box PCI compliant, you know what kinds of asinine bollocks they make you do.