Defense agencies list top 20 security controls

1. Inventory of authorized and unauthorized hardware.
2. Inventory of authorized and unauthorized software; enforcement of white lists of authorized software.
3. Secure configurations for hardware and software on laptops, workstations, and servers.
4. Secure configurations of network devices such as firewalls, routers, and switches.
5. Boundary Defense
6. Maintenance, Monitoring and Analysis of Complete Audit Logs
7. Application Software Security
8. Controlled Use of Administrative Privileges
9. Controlled Access Based On Need to Know
10. Continuous Vulnerability Testing and Remediation
11. Dormant Account Monitoring and Control
12. Anti-Malware Defenses
13. Limitation and Control of Ports, Protocols and Services
14. Wireless Device Control
15. Data Leakage Protection
16. Secure Network Engineering
17. Red Team Exercises
18. Incident Response Capability
19. Data Recovery Capability
20. Security Skills Assessment and Appropriate Training To Fill Gaps