Mile2’s vendor-neutral IS20 Controls certification course covers proven general controls and methodologies that are used to execute and analyze the Top Twenty Most Critical Security Controls.


This course allows the security professional to see how to implement controls in their existing network(s) through highly effective and economical automation.


For management, this training is the best way to learn how you’ll assess whether these security controls are being administered effectively or are falling short of industry standards.


Nearly all organizations holding sensitive information are adopting and implementing the most critical security controls as their highest-priority list.


These controls were chosen by leading government and private organizations who are experts on how compromises of networks and systems evolve and how to mitigate and prevent them.


These leading security experts chose the best-of-breed controls needed to block known incidents as well as alleviate any damage from successful attacks.


Ultimately, implementing these Top 20 Controls will ensure best efforts to drastically decrease the overall cost of security while improving both its efficiency and its effectiveness.



  • Individual Course Access
  • Course Video
  • Physical, Printed Course book
  • Exam Prep Guide
  • Exam Simulator
  • Exam

IS20 - IS20 Security Controls - Physical Course Kit & Exam

  • Critical Control 1: Inventory of Authorized and Unauthorized Devices
  • Critical Control 2: Inventory of Authorized and Unauthorized Software
  • Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
  • Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  • Critical Control 5: Boundary Defence
  • Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
  • Critical Control 7: Application Software Security
  • Critical Control 8: Controlled Use of Administrative Privileges
  • Critical Control 9: Controlled Access Based on Need to Know
  • Critical Control 10: Continuous Vulnerability Assessment and Remediation
  • Critical Control 11: Account Monitoring and Control
  • Critical Control 12: Malware Defences
  • Critical Control 13: Limitation and Control of Laptops, Workstations, and Servers
  • Critical Control 14: Wireless Device Control
  • Critical Control 15: Data Loss Prevention
  • Critical Control 16: Secure Network Engineering
  • Critical Control 17: Penetration Tests and Red Team Exercises
  • Critical Control 18: Incident Response Capability
  • Critical Control 19: Data Recovery Capability
  • Critical Control 20: Security Skills Assessment and Appropriate Training to Fill Gaps

©2019 by Oddfellows Services Ltd t/a OFS.

Registered in England Number 11987380

Registered Office : International House, 24 Holborn Viaduct, London, EC1A 2BN, London, United Kingdom.

Telephone : +44 (0) 203 787 4785