Skip to content ↓ | Skip to navigation ↓

The Twenty Critical Security Controls (20 CSC) have emerged as the “defacto yardstick by which corporate security programs can be measured,” according to the Cybersecurity Law Institute.

The 20 CSC were previously governed by SANS, but the ongoing development and adoption of the controls are now the responsibility of the Council on CyberSecurity, an independent, expert, not-for-profit organization with a global scope.

The Council on CyberSecurity was formed to seize this moment and catalyze change – specifically, to accelerate the widespread availability and adoption of effective cyber security measures, practice and policy.

The Council seeks to reach audiences everywhere to offer expert and independent assessments on the policies and practices that work best to conduct our lives more securely in cyberspace. It will support these assessments with benchmarks and measures based on rigorous expert analysis.

To do its work, the Council will mobilize broad communities of stakeholders who are willing to bring their knowledge, experience, and commitment to a common goal: to identify, validate, promote, and sustain the adoption of cybersecurity best practice – by people, with technology, and through policy – to create a world in which best practice becomes common practice.

By creating an independent, expert and global platform and by focusing on effective and measurable practice, the Council seeks to lay the foundation urgently necessary to create security for all users in cyberspace.

In this video, Jane Lute, Tony Sager and Maurice Uenuma discuss the evolution of the 20 Critical Security Controls and the mission of the Council on CyberSecurity.


The Council is committed to the ongoing development and widespread adoption of the Critical Controls, to elevating the competencies of the cybersecurity workforce, and to the development of policies that lead to measurable improvements in our ability to operate safely, securely and reliably in cyberspace.

More to come from the Council on CyberSecurity soon – stay tuned!

Hasta pronto!



Related Resources:


Other Resources:

picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].


picDefinitive Guide to Attack Surface Analytics

Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.


Title image courtesy of ShutterStock