System Hardening

Service Hardening

Services run under their own account with minimal necessary privileges. Only necessary services run on production servers, and they are accessible only to necessary interfaces, enforced using host-based firewalls. All services...

Unintended Information Disclosure

Applications and services are configured to not display information that is unnecessary. Functionality is designed and configured to prevent enumeration of information.

Hardening Validation

IT systems have standard configurations that follow recommended hardening guidelines. Before new systems are taken into production, they are tested for adherence to the hardening guidelines. The standard images...

Baseline Configuration

Document a security configuration baseline for the system based on current best practices from vendors and desired functionality. The baseline must be updated at least annually. Use this baseline for...