A consortium of federal agencies and private organizations announced the Consensus Audit Guidelines (CAG) last week. This list of 20 items defines the most critical security controls needed to protect federal and contractor information and information systems. The guidelines do not duplicate or replace existing federal IT security requirements; rather, they supplement existing standards such as FISMA.
The CAG initiative is part of a larger effort to advance the recommendations of the CSIS Commission report on Cybersecurity for the 44th Presidency. The consortium's goal was to produce a risk-based standard that counters known forms of cyber attack. The 20 actions are intended to help government and private organizations mitigate or prevent such attacks. The controls cover areas including access control, wireless security, data leakage and training. Each control describes the threat it addresses and how the control can be automated and tested for effectiveness.
The CAG is still in draft, and its authors are actively soliciting criticism and suggestions. You can learn more about how to contact them here; the comment period runs for most of March. After the public review of the standards, pilots will be conducted in several federal agencies and the draft will be reviewed and audited.