
GIAC Announces the GIAC Critical Controls Certification

A unique cybersecurity certification based on the Twenty Critical Security Controls

  • Bethesda, MD
  • July 1, 2014

GIAC Certifications is pleased to announce the GIAC Critical Controls Certification (GCCC), the only certification based on the Critical Security Controls, a prioritized, risk-based approach to security. The GCCC ensures that candidates have the knowledge and skills to implement and execute the Critical Security Controls recommended by the Council on Cybersecurity, and perform audits based on the standard.

Successful candidates will gain the necessary knowledge to understand the philosophies and driving forces behind the creation of the Critical Security Controls, their scope, and how these controls can be used to prioritize information security controls based on community risk assessment efforts. Candidates will understand how the Critical Security Controls relate to other information assurance standards (such as ISO 27000, NIST 800-53, the NIST Core Framework, and others) and how the controls can be used to meet the goals of those standards. GCCC holders will be able to make a practical difference in the security posture of any organization.

The Critical Security Controls are an effective and recognized security framework because they were vetted by, and reflect the strong consensus of, a broad community of security professionals spanning both government and industry. They were derived from analyses of the most common attack patterns regularly launched against actual networks. The Controls embody a "must do first" philosophy, prioritize specific high-payoff activities, and can serve as the basis for immediate high-value action.

CISOs, CIOs, IGs, systems administrators, and information security personnel can use the Controls as a specific guideline to manage and measure the effectiveness of their defenses. The Controls are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.

"We regularly encounter security practitioners utilizing the Critical Security Controls, but without a full understanding of the philosophies and ultimate goals of the project. The GCCC validates that a person truly understands the philosophies behind implementing and assessing an organization based on the controls," says James Tarala, Principal of Enclave Security and SANS Senior Instructor.

The SANS Institute has developed specific training material and courseware to teach students the techniques and tools to properly implement and audit the Critical Security Controls. The Implementing and Auditing the Critical Security Controls - In-Depth course is part of the SANS Institute's Cyber Defense curriculum, which comprises information security courses designed specifically for computer, network and security professionals responsible for protecting and securing an organization's critical systems, assets, and data. The course and certification are also part of the SANS Technology Institute's master's degree program.

The course was created for security practitioners, auditors and managers of all levels by SANS Certified Instructors, who are real-world security practitioners and subject-matter experts that design and provide the hands-on, immersive training you need to keep your organization secure. Security practitioners will learn how to stop a threat, why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats.

The Critical Controls course shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Controls are effectively implemented.

GIAC now provides the means to certify cyber security professionals in this critical element of cyber defense. The GCCC exam will be released September 30, 2014 and pre-registration is now available at:

About GIAC

GIAC Certifications is a certification body featuring over 27 hands-on, technical certifications in information security. GIAC has certified over 50,000 IT security professionals since it was founded in 1999. Eleven GIAC certifications are accredited under the IEC/ISO/ANSI 17024 quality standard for certifying bodies. GIAC is an affiliate of the SANS Institute.

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.