Items & Resources
In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater. However, in order to be as secure as possible, we need to use good cyber hygiene - that is, making sure we are protecting and maintaining systems and devices appropriately and using cyber security best practices.
The Center for Internet Security (CIS) and the National Governors Association Governors Homeland Security Advisors Council have launched the Cyber Hygiene Campaign.
The Cyber Hygiene Campaign is a multi-year effort that provides key recommendations for a low-cost program that any organization can adopt to achieve immediate and effective defenses against cyber attacks.
Cyber Hygiene Campaign for state, local, tribal and territorial governments
The Cyber Hygiene Campaign is working with state governments to help create a movement toward adoption by all states. In that regard, the GHSAC adopted the Cyber Hygiene Campaign as a key focal point of its 2014/2015 program agenda and will encourage the use of funding through the federal Homeland Security Grant Program (HSGP) to help implement the Campaign's recommendations for state and local governments. CIS will provide independent, expert guidance to the Homeland Security Advisors in reviewing grant applications so that they identify measures most important to protecting their networks and systems from cyber attack.
Tools for the Cyber Hygiene Campaign
Cyber Hygiene Tools The Campaign has developed toolkits for each of its key recommendations to provide easily understood instruction sheets and information for entities to improve their cybersecurity posture: The toolkits are: Count, Configure, Control, Patch and Repeat. These toolkits are dynamic documents and will continue to evolve to meet the ever-changing cyber threat landscape. In addition, a unique Executive Measurement Guide will be issued to assist Executives in the implementation of the toolkits.
CIS Critical Security Controls A recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks.
CIS Benchmarks and Configuration Assessment Tool (CIS-CAT)More than 80 consensus-based, industry recognized security benchmarks for the most commonly used technologies are available, along with the SCAP-implementable CIS-CAT to help assess security posture in an automated way.
NIST Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework)consists of standards, guidelines, and practices to promote the protection of critical infrastructure.
NIST's Security Content Automation Protocol (SCAP)A suite of standard, interoperable specifications for SCAP-capable tools to automate cyber security assessments, including the first five recommended actions of the Cyber Hygiene Campaign.
Australian Government Department of Defense Strategies to Mitigate Targeted Cyber IntrusionsA list of strategies to mitigate targeted cyber intrusions.