The Twenty (20) Critical Security Controls for Cyber Defense – also known as the Consensus Audit Guidelines (CAG) – are a culmination of exhaustive research and development of information security initiatives that advocate an “offense must inform defense approach,” as noted by the SANS institute. Additionally, unlike many other benchmarks, standards and frameworks – many of which are directed at regulatory compliance provisions, the Twenty (20) Critical Security Controls represents essential safeguards and best practices for ultimately ensuring the confidentiality, integrity and availability of an organization’s critical systems resources.
