April 06, 2018  |  SSS Security Consulting Team

The New Zealand Computer Emergency Response Team (CERT NZ) has released a list of ten critical controls for 2018.

According to CERT NZ, these ‘would mitigate, or better contain, the majority of attacks we’ve seen’, and are based on the incidents they have analysed to date. CERT NZ are continuing to publish more information on the critical controls

CERT NZ is not the only organisation to publish a list of prioritised critical security controls. Two other organisations that do this, and which are often referenced by New Zealand organisations, are the Australian Signals Directory (ASD), and the American Center for Internet Security (CIS)

There is a significant overlap across these three control frameworks, no doubt because the threats CERT NZ sees here in New Zealand do not differ greatly from what is being seen overseas. 

We prepared a rough mapping of controls from ASD and CIS against the ten controls published by CERT NZ.  You can download this mapping document along with information addressing the gaps that are highlighted by clicking on the download option on the right.

SSS has the expertise and experience to help you put in place effective and lasting information security improvements across your organisation.  If you’d like to discuss how we could help your organisation, please contact your SSS Account Manager, or call us on 04 917 6670 or email us at