Boot Camp

CSIS Top 20 Critical Security Controls Training Boot Camp

This boot camp helps you master the 20 Important Security Controls as published by the Center for Strategic and International Studies (CSIS).

Everything you need to earn your certification

  • 90-day extended access to Boot Camp components, including class recordings
  • 100% Satisfaction Guarantee
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee

Award-winning training you can trust

Wistia video thumbnail

What you'll learn

Training overview

Securing the United States against cyber-attacks has become one of the nation’s highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must vigorously defend against external attacks. Furthermore, for those external attacks that are successful, defenses must be capable of thwarting, detecting and responding to follow-on attacks on internal networks as attackers spread inside a compromised network.

This group of 20 crucial controls is designed to begin the process of establishing a prioritized baseline of information security measures and controls that can be applied across enterprise environments. Fifteen of these controls can be monitored, at least in part, automatically and continuously. Five controls are essential but do not appear to be able to be monitored continuously or automatically with current technology and practices.


Training schedule

  • Day 1
    • Information Security Overview

      • Mitigating Threats
      • Organizational Security
      • User- and Role-based Security
      • Authentication
      • Peripheral Security
      • Application and Messaging Security
      • Cryptography
  • Day 2
    • Information Security Overview

      • Public Key Infrastructure
      • Network Security
      •   Ports and Protocols
      •   Wireless Security
      •   Remote Access Security
      •   Vulnerability Testing and Monitoring
      •   Business Continuity
  • Day 3
    • The Top 20 Controls

      • Inventory of authorized and unauthorized devices
      • Inventory of authorized and unauthorized software
      • Secure configurations for hardware and software on workstations and servers
      • Continuous vulnerability assessment
      • Malware defenses
      • Application software security
      • Wireless device control
      • Data recovery capability
  • Day 4
    • The Top 20 Controls

      • Security skills assessment and appropriate training to fill gaps
      • Secure configurations for network devices such as Firewalls, Routers, and Switches
      • Limitation and control of network ports, protocols, and services
      • Controlled use of administrative privileges
      • Boundary defense
  • Day 5
    • The Top 20 Controls

      • Maintenance, monitoring, and analysis of security audit logs
      • Controlled access based on the need to know
      • Account monitoring and control
      • Data loss prevention
      • Incident response management
      • Secure network engineering
      • Penetration tests and red team exercises

Guaranteed results

Our boot camp guarantees

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.