Security managers are raising a number of urgent questions related to the 20 Critical Security Controls (CSCs) such as What types of organizations are implementing what controls, and why? How integrated are these controls with overall operations and with risk management dashboards? And what new development, staffing and tool decisions will adopters have to make to address the control areas they’re focusing on? SANS initiated a targeted survey to help answer such questions. This whitepaper analyzes the results of that survey aimed to provide valuable guidance for those that are looking to deploy or are already in the process of rolling out the Critical Security Controls in their organization.