The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department
of State, DoD Cyber Crime Center plus the top commercial forensics
experts and pen testers that serve the banking and critical
infrastructure communities,” according to the SANS website. Read the SANS Institute consensus audit guidelines.