tailieunhanh - Twenty Most Important Controls and Metrics for Effective 

Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance Draft : February 23, 2009 NOTICE to readers of this draft document: Criticisms and suggestions are strongly encouraged. If you are actively engaged in cyber forensics, red teams, blue teams, technical incident response, vulnerability research, or cyber attack research or operations, please help make sure this document is as good as it can be. We also request support in identifying users who have implemented scalable methods for measuring compliance with these controls and producing sharable benchmarks and other types of baseline guidance that can be used to drive tool‐based assessment of as many of these controls as possible | Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance Draft February 23 2009 NOTICE to readers of this draft document Criticisms and suggestions are strongly encouraged. If you are actively engaged in cyber forensics red teams blue teams technical incident response vulnerability research or cyber attack research or operations please help make sure this document is as good as it can be. We also request support in identifying users who have implemented scalable methods for measuring compliance with these controls and producing sharable benchmarks and other types of baseline guidance that can be used to drive tool-based assessment of as many of these controls as possible. Send criticism comments suggestions to John Gilligan jgilligan@ as well as to cag@ by March 25 2009. INTRODUCTION Securing our Nation against cyber attacks has become one of the Nation s highest priorities. To achieve this objective networks systems and the operations teams that support them must vigorously defend against external attacks. Furthermore for those external attacks that are successful defenses must be capable of thwarting detecting and responding to follow-on attacks on internal networks as attackers spread inside a compromised network. A central tenet of the US Comprehensive National Cybersecurity Initiative CNCI is that offense must inform defense . In other words knowledge of actual attacks that have compromised systems provides the essential foundation on which to construct effective defenses. The US Senate Homeland Security and Government Affairs Committee moved to make this same tenet central to the Federal Information Security Management Act in drafting FISMA 2008. That new proposed legislation calls upon Federal agencies to Establish security control testing protocols that ensure that the information infrastructure of the agency including contractor information systems operating on behalf of the .