SANS is really getting it done this year! First they put out the CWE/SANS Top 25 Most Dangerous Programming Errors list back in January and now they just released the first draft of the Consensus Audit Guidelines (CAG) for protecting federal cyber assets. A collaborative effort between a myriad of federal agencies and private contributors, the CAG lays out a baseline of the 20 most critical security controls needed for federal entities and their contractors to be secure. The draft is open for feedback until March 25.
"The Consensus Audit Guidelines (CAG) are being released initially for public comment, but plans call for them to be piloted in several agencies later this year. Eventually the federal Chief Information Officers Council will evaluate the recommendations to decide whether it makes sense to adopt them as a standard throughout government."
The CAG, along with the current Administration's focus on cyber-security, will hopefully lead to some much needed improvements in federal agency security beyond the often-criticized 'report card' approach that we've seen with FISMA.