SANS 20 Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines (CAG)
The SANS 20 Critical Controls identifies a subset of security controls that CISOs, CIOs, and IGs can focus on as their top, shared priority for cyber security attacks. The process of gathering these specific controls and sub-controls focused on identifying the highest priority defenses and represents a subset of controls found in other audit guidelines and documents.
SAINT is included on the SANS 20 Critical Controls User Vetted Tools List Control #10 - Continuous Vulnerability Assessment and Remediation
SAINT customers use SAINT’s capabilities to provide automated support to Control #10 – Continuous Vulnerability Assessment and Remediation:
- SAINT features scheduling of daily, weekly, monthly, or quarterly scans, and automatic updates by SAINTexpress.
- SAINT features authenticated scanning using a Windows domain administrator account and/or a UNIX/Linux SSH account, and a credentials manager to facilitate the storage of multiple sets of credentials.
- SAINTwriter features trend reports, which provide a historical comparison of scan results, and indicate new vs. pre-existing vulnerabilities.
- Custom reports in SAINTwriter can be generated to chart results, by network.
- SAINTmanager allows setting of due dates for tickets, and features automatic e-mail notification of overdue tickets.