SANS - the most trusted source for computer security training, certification and research. SANS events attract a high-quality audience consisting of IT security decision makers and influencers in all industries.
Welcome to the new Solutions Directory for INFOSEC Professionals. This resource helps you find leading IT security vendors according to the Twenty Critical Security Controls that their products and solutions support.
The Twenty Critical Security Controls are transforming security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through.
The Solutions Directory lists vendors according to Security Control category. By clicking on the Critical Control link, you can learn which vendors may be associated with the control. Visit the Solutions Directory frequently for updated listings and useful information when selecting the latest in IT security technologies.
Critical control definitions are listed below.
- Critical Control 1: Inventory of Authorized and Unauthorized Devices
- Critical Control 2: Inventory of Authorized and Unauthorized Software
- Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Critical Control 4: Continuous Vulnerability Assessment and Remediation
- Critical Control 5: Malware Defenses
- Critical Control 6: Application Software Security
- Critical Control 7: Wireless Access Control
- Critical Control 8: Data Recovery Capability
- Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps
- Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services
- Critical Control 12: Controlled Use of Administrative Privileges
- Critical Control 13: Boundary Defense
- Critical Control 14: Maintenance, Monitoring, and Analysis of Audit Logs
- Critical Control 15: Controlled Access Based on the Need to Know
- Critical Control 16: Account Monitoring and Control
- Critical Control 17: Data Protection
- Critical Control 18: Incident Response and Management
- Critical Control 19: Secure Network Engineering
- Critical Control 20: Penetration Tests and Red Team Exercises