SANS Top 20 Controls

Reducing Risk with SANS 20 CSC

The SANS 20 Critical Security Controls (CSC) are a list of controls designed to provide the maximum benefit in improving risk posture against real-world threats. The SANS Top 20 CSC are mapped to NIST controls as well as NSA priorities.

The SANS 20 is a flexible starting point, applicable to nearly any organisation regardless of size, industry, geography or whether it is government or commercial.

Developed and maintained by an international group of organisations, government agencies and security experts, the controls are prioritised to protect the organisation’s infrastructure and data by strengthening the organisation’s defence system through continuous automated protection and monitoring (Critical Security Controls).

CSC 1: Inventory of Authorised and Unauthorised Devices
CSC 2: Inventory of Authorised and Unauthorised Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices, such as Firewalls, Routers and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises
