Welcome to the Critical Security Controls Solutions Directory. This resource assists you in finding security products that implement the Critical Security Controls. The Solutions Directory lists products under each Critical Security Control category. By clicking on the link for a particular Critical Control link, you will find two levels of information about products that are associated with that Control:
- Products shown with this logo have worked with SANS to produce What Works reports, where SANS has interviewed a user of the product and gets first-hand information on the effectiveness of the product and the lessons learned in deploying and using the product to efficiently and effectively implement one or more of the Critical Security Controls.
- Following those products which have been validated through a What Works effort, as a service to the security community SANS has included links from vendors who have mapped their products to the Critical Security Controls. SANS has not verified the use or effectiveness of these products.
Visit the Solutions Directory frequently for updated listings and future information on integrated sets of products that implement multiple Critical Security Controls.
CIS Critical Security Controls - Version 6.0
To learn more about the CIS Critical Security Controls and download a free detailed version please visit: http://www.cisecurity.org/critical-controls/
CSC 1: Inventory of Authorized and Unauthorized Devices CSC 2: Inventory of Authorized and Unauthorized Software CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CSC 4: Continuous Vulnerability Assessment and Remediation CSC 5: Controlled Use of Administrative Privileges CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs CSC 7: Email and Web Browser Protections CSC 8: Malware Defenses CSC 9: Limitation and Control of Network Ports, Protocols, and Services CSC 10: Data Recovery Capability CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches CSC 12: Boundary Defense CSC 13: Data Protection CSC 14: Controlled Access Based on the Need to Know CSC 15: Wireless Access Control CSC 16: Account Monitoring and Control CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps CSC 18: Application Software Security CSC 19: Incident Response and Management CSC 20: Penetration Tests and Red Team Exercises