The CAG - Consensus Audit Guidelines - Draft 1.0

Our state security committee has begun the review of the CAG. It has been discussed at our last two security meetings. There is much support in the committee for a guideline that actually has a good amount of body to it. I am in the process of updating a checklist for an internal audit. It is an old list and needs to be updated. That process is giving me an opportunity to go through the Consensus Guidelines and include a good amount of these best practices. In many cases, I already know the answers - and they will be no, we don't have these in place. At least the questions will be asked so that the ideas are put in place in the minds of the people who will be thinking about these questions. When I have completed my list, I will share it with our security committee. There may be others that will find it useful, or they may want to also edit and change it for their use. Our agency, as with others, will probably say that some of these ideas are beyond what we need - and definitely what we can afford. We are limited both financially and with resources. But as we go forward, these things will be in their minds and it will be interesting to see how they will impact all of us. There are many of these that could be implemented with little money and resources. Some of them I've already heard people from our agency say that we don't need. It is good to have the support of the security community when trying to explain that these things need to be in place! We have far to go before we sleep!!