IT Risk Management - Simple. Powerful. Refined.

  • IT Risk Assessment

    start with a strong foundation  

    Now Available

  • Compliance Assessment

    navigate regulations like a pro  

    Coming Soon

  • Control-2-Framework Mapper

    keep your controls on course  

    Coming Soon

  • SANS Top 20 Mapper

    analyze your progress  

    Coming Soon

  • Control Framework Assessment

    put your policies in perspective  

    Coming Soon

  • IT Policy Reviewer

    know where you stand  

    Coming Soon

  • Audit Program Generator

    manage with dynamic intelligence  

    Coming Soon

  • IT Audit & Security Utilities

    take action without breaking the bank  

    Coming Soon

  • Findings Repository

    save time with expertly prepared reports  

    Coming Soon

  • Ask an Expert

    get advice when you need it  

    Coming Soon

  1. Overview
  2. Details
  3. Features
  4. Resources

We’ve taken the Critical Security Controls identified by SANS and incorporated them into our simple, powerful tool, making it easier for you to analyze your strategies against the top SANS controls.

SANS Critical Security Controls are focused on IT security, not IT regulatory compliance or service management. However, implementing these controls can help you effectively manage your IT environment, increasing automation and efficiency.

If you’ve identified the SANS Critical Security Controls as a priority for your organization and you want to analyze your environment against those controls, our SANS Top 20 Mapper is the tool for you.

Recommended for organizations that have already identified the risks and controls for each IT policy, procedure, standard and guideline. If you have not done this, please refer to our Control Framework Assessment tool. is not affiliated with the SANS organization or the SANS Top 20 Critical Controls. does not explicitly endorse the SANS Top 20 Critical Controls or refute it as a valid control framework. 

The following critical controls are built into our SANS Top 20 Mapper.

  • Critical Control 1: Inventory of Authorized and Unauthorized Devices
  • Critical Control 2: Inventory of Authorized and Unauthorized Software
  • Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  • Critical Control 4: Continuous Vulnerability Assessment and Remediation
  • Critical Control 5: Malware Defenses
  • Critical Control 6: Application Software Security
  • Critical Control 7: Wireless Device Control
  • Critical Control 8: Data Recovery Capability
  • Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps
  • Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  • Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services
  • Critical Control 12: Controlled Use of Administrative Privileges
  • Critical Control 13: Boundary Defense
  • Critical Control 14: Maintenance, Monitoring, and Analysis of Audit Logs
  • Critical Control 15: Controlled Access Based on the Need to Know
  • Critical Control 16: Account Monitoring and Control
  • Critical Control 17: Data Loss Prevention
  • Critical Control 18: Incident Response and Management
  • Critical Control 19: Secure Network Engineering
  • Critical Control 20: Penetration Tests and Red Team Exercises

Automate analysis – Save time and reduce errors with automation. Relying on spreadsheets and templates increases the likelihood of mistakes.

Prevent attacks – Well-defined information security polices and procedures are essential to protecting your environment.

Share the information – Our reports are easy to share with the decision makers in your organization who need to be involved in strengthening your information security policies. 

Contact us for detailed information about any of our tools and information about our subscription or partnership plans.

Request a free demo and see how our tools can benefit your business.

Request a Demo
See our tools in action and experience the power of efficiency.

* Required