Top 10 High Value Controls
The DIB SCC Task Force Working Group Top 10 high value controls are a set of prioritized controls used to enhance contractual and regulatory requirements. They build additional rigor around specific foundational controls that are already required, and add rigor, specificity and/or inclusion of high-value Advanced Persistent Threat (APT) focused controls.
Protecting Data in the Cloud
The DIB SCC Cloud Working Group has developed frequently asked questions regarding cloud security. These FAQs are provided to assist organizations with implementing cloud solutions.
The Microsoft Cloud Services Working Group brought ND-ISAC members together with Microsoft subject matter experts to elaborate on common challenges, understand features, and provide updates on the Microsoft Cloud Services roadmap. The Microsoft Reference Identity Architecture for US Defense Industrial Base is the result of months of collaboration within the Microsoft Cloud Services Working Group. It provides the group’s consensus on common challenges, coupled with guidance on potential ways to overcome those challenges.
Helpful Links
Resources
- Cybersecurity and Infrastructure Security Agency – Stop Ransomware
The U.S. Government's official one-stop location for resources to tackle ransomware more effectively.
- DoD Procurement Toolbox
A collection of tools and services to help you and your organization manage, enable, and share procurement information across the Department of Defense.
- NIST – Small Business Cybersecurity Corner
NIST’s Small Business Cybersecurity Corner is your go-to source for learning how to keep your data safe. You’ll find information on cybersecurity basics, training for you and your employees, a NIST Cybersecurity Framework quick start guide and more, all specifically geared toward small businesses. It also has up-to-date guidance for teleworking security, as that becomes a more common practice in small businesses everywhere.
- U.S. Small Business Administration – Strengthen Your Cybersecurity
SBA resource that provides an introduction to cybersecurity for small business.
Benchmarks, Policies, and Guides
- Center for Internet Security – Benchmarks
This is a summary page for the 140+ configuration guidelines developed by CIS to safeguard systems across various technology groups.
- Center for Internet Security – Controls
Organizations around the world rely on the CIS Controls security best practices to improve their cyber defenses. CIS Controls Version 7.1 introduces new guidance to prioritize Controls utilization, known as CIS Implementation Groups (IGs). The IGs are a simple and accessible way to help organizations classify themselves and focus their security resources and expertise while leveraging the value of the CIS Controls.
- Center for Internet Security – Hardened Images
CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud.
- Center for Internet Security – Telework and Small Office Network Security Guide
This guide is meant to assist individuals and organizations in securing commodity routers, modems, and other network devices. Securing these devices is important as there are serious cybersecurity considerations surrounding the usage of network devices.
- Cybersecurity Hub White Papers
Cyber Security Hub is devoted to providing enterprise security professionals with the most comprehensive selection of cyber security whitepapers. All members of the website can research topics through its collection of IT security reports.
- DISA – Security Technical Implementation Guide (STIG)
The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems. The STIGs contain technical guidance to “lock down” information systems/software that might otherwise be vulnerable to a malicious computer attack.
- DISA – Security Technical Implementation Guide (STIG): Document Library
Direct link to the STIGs document library.
- Global Cyber Alliance – Cybersecurity Toolkit
This website provides free and effective tools you can use today to take immediate action to reduce risk for your business.
- SANS – Policy Templates
SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies.
Training
- DoD Cyber Exchange Training
Collection of cyber training courses and training aids provided by the DoD Cyber Exchange. It provides an overview of cybersecurity threats and best practices to keep information and information systems secure.
- KnowBe4 – Security and Awareness Training
KnowBe4 is a large security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.
- U.S. Department of Health & Human Services Security Awareness and Training
This resource provides general awareness and role-based information security training documents.