As the number of cyber security incidents has grown, government agencies have responded by complying with the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) guidelines, but with inconsistent results. To help address this issue, SANS (www.sans.org) developed the Consensus Audit Guidelines (CAG) to prioritize information security measures and controls. The CAG document identifies 20 crucial controls that can be applied across federal enterprise environments and that are generally viewed as effective in blocking currently known high-priority attacks, as well as the attack types expected in the near future.
This white paper provides the steps to successfully implement the critical security controls listed in the CAG in order to avoid "adding another checklist" to an already overburdened and underfunded organization that is struggling to meet growing security and compliance demands. It also describes how NetIQ can help federal agencies implement and automate these controls.