CSC 1: Inventory of Authorised and Unauthorised Devices
CSC 2: Inventory of Authorised and Unauthorised Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices, such as Firewalls, Routers and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises