Steady Approach to Critical Controls

Ex-Air Force CIO John Gilligan on the Consensus Audit Guidelines
The Consensus Audit Guidelines -- the 20 critical IT security controls unveiled in early 2009 -- may not have been universally adopted by federal agencies, but they're having an impact on government policies toward securing information technology. "The philosophy that underlies the Consensus Audit Guidelines has taken hold," former Air Force Chief Information Officer John Gilligan, the leader of a consortium that issued the guidelines, known as CAG, said in an interview with GovInfoSecurity.com.

The guidelines allow agencies to identify and address the most prominent threats by focusing on subsets of those threats, Gilligan says. "Those principles are now pretty much baked in," he says, "so when you look at the latest FISMA guidance that's coming out of OMB, looking at what's happening on the Hill in the legislation proposals, they sort of have those same philosophies. That's really what was the basis of Consensus Audit Guidelines.

"I won't say we were genius, but we created all of this, we perhaps in the Consensus Audit Guidelines were some of the first to really codify and put emphasis on those e-principles."

In the interview, Gilligan also discusses how agencies should take a deliberate approach in implementing CAG and the success the State Department has achieved through the implementation of critical controls.

During his 25 years in government, Gilligan served as CIO at the Energy Department. He now heads his own consulting firm, the Gilligan Group. Gilligan remains a big influence on government IT, not only leading the consortium that developed CAG but also coauthoring the influential Commission on Cybersecurity for the 44th Presidency report. He also serves as chairman of the Center for Internet Security, a not-for-profit with a mission to establish and promote the use of consensus-based standards to raise the level of security and privacy in Internet-connected systems.



