US Cybersecurity Council Top 20 Critical Security Controls
1. Inventory of Authorized & Unauthorized Devices
2. Inventory of Authorized & Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment & Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment & Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols and Services
12. Controlled Use of Administration Privileges
13. Boundary Defense
14. Maintenance, Monitoring & Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring & Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises