Welcome to the Critical Security Controls Solutions Directory. This resource assists you in finding security products that implement the Critical Security Controls. The Solutions Directory lists products under each Critical Security Control category. By clicking on the link for a particular Critical Control link, you will find two levels of information about products that are associated with that Control:
- Products shown with this logo have worked with SANS to produce What Works reports, where SANS has interviewed a user of the product and gets first-hand information on the effectiveness of the product and the lessons learned in deploying and using the product to efficiently and effectively implement one or more of the Critical Security Controls.
- Following those products which have been validated through a What Works effort, as a service to the security community SANS has included links from vendors who have mapped their products to the Critical Security Controls. SANS has not verified the use or effectiveness of these products.
Visit the Solutions Directory frequently for updated listings and future information on integrated sets of products that implement multiple Critical Security Controls.
Critical control definitions are listed below.
- Critical Control 1: Inventory of Authorized and Unauthorized Devices
- Critical Control 2: Inventory of Authorized and Unauthorized Software
- Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Critical Control 4: Continuous Vulnerability Assessment and Remediation
- Critical Control 5: Malware Defenses
- Critical Control 6: Application Software Security
- Critical Control 7: Wireless Access Control
- Critical Control 8: Data Recovery Capability
- Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps
- Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services
- Critical Control 12: Controlled Use of Administrative Privileges
- Critical Control 13: Boundary Defense
- Critical Control 14: Maintenance, Monitoring, and Analysis of Audit Logs
- Critical Control 15: Controlled Access Based on the Need to Know
- Critical Control 16: Account Monitoring and Control
- Critical Control 17: Data Protection
- Critical Control 18: Incident Response and Management
- Critical Control 19: Secure Network Engineering
- Critical Control 20: Penetration Tests and Red Team Exercises