1

Inventory and Control of Enterprise Assets

2

Inventory and Control of Software Assets

3

Data Protection

4

Secure Configuration of Enterprise Assets and Software

5

Account Management

6

Access Control Management

7

Continous Vulnerability Management

8

Audit Log Management

9

Email and Web Browser Protections

10

Malware Defenses

11

Data Recovery

12

Network Infrastructure Management

13

Network Monitoring and Defense

14

Security Awareness and Skills Training

15

Service Provider Management

16

Applications Software Security

17

Incident Response Management

18

Penetration Testing