Making best practice
Common practice

The Council mobilizes a broad community of stakeholders to contribute their knowledge, experience and expertise to identify, validate, promote and sustain the adoption of cybersecurity best practice.

The Council actively promotes the development and adoption of the Critical Security Controls - the measures widely acknowledged as representing the most critical steps an enterprise can take to markedly strengthen its ability to thwart attacks. An underlying theme of the Controls is support for large-scale, standards-based security automation for the management of cyber defenses
.Download Critical Security Controls v5.1

The Council is committed to the development of the cybersecurity workforce. Through the work of its expert panels, the Council seeks to develop consistency in job profiles, competency models, skills assessment and workforce management to contribute to the development of this essential workforce and support its evolution as a profession.

The Council is home to U.S. Cyber Challenge, which works with the cybersecurity community to bring accessible, compelling programs that motivate students and professionals to pursue education, development, and career opportunities in cybersecurity.

Sensible policy is required to provide well-informed guidance, constraints and incentives to drive adoption of best practices in cybersecurity and protect the interest of the broader community. The Council makes specific policy recommendations based on the collective insight of our experts.


As a User, you can learn how to help your enterprise assess and improve security.

Learn About Cybersecurity

Business Partners

Business Partners of the Council can associate with the best in the industry through membership.

Become a Member

Get Involved

Our Founding Members

  • Sans
  • Tripwire
  • Qualys