The SANS CIS top twenty critical security controls (CSCs) is a living document reflecting world-wide expert opinion on the primary controls that can best mitigate against cyber attacks. While it lists the controls, it makes no suggestion on how they should be implemented in any specific situation.