Community Gold Standard
The Community Gold Standard (CGS) is a comprehensive Information Assurance (IA) framework that can be used to develop, operate, and maintain an enterprise security plan.
The goal of the Community Gold Standard (CGS) framework is to provide the National Security System (NSS) community with guidance on the highest level of practice for Information Assurance (IA) capabilities, in accordance with policies, standards, and best practices, while also considering the limitations set forth by current technologies.
The CGS Framework is organized into discrete IA capabilities, which reside under 11 overarching capability areas, each containing guidance for a comprehensive enterprise-wide IA solution. These solutions include Enterprise Operations, Governance (business practices), and Corporate Culture. CGS defines what it means for these capabilities to be considered at the “Gold Standard” level of contribution toward the IA mission.
Implementing Community Gold Standard
Decision-makers, including Chief Information Security Officers, Chief Information Officers, and portfolio managers, can use the CGS Framework to understand IA capabilities and the relationships among them, and so better define and prioritize the capabilities needed to protect information and information systems.
Investments in network hygiene and defense can fundamentally impede the adversaries’ ability to “get in,” “stay in,” and “act” in networks. Considering how to achieve device integrity, contain damage, defend accounts, and secure transport and availability can limit adversary actions; prioritization can then be applied to the efforts that provide the greatest return on investment.