Version

SB.16.002 Hardening Validation

Medium
Medium
Medium
System Hardening
System Owner
v2.0 (Q1 2024)

Description

IT systems have standard configurations that follow recommended hardening guidelines.

Before new systems are taken into production, they are tested for adherence to the hardening guidelines.

The standard images are tested for security vulnerabilities during the regular vulnerability management process and are updated accordingly.

Systems are periodically checked against the hardening baseline, preferably automatically.

Specification

Hardening or security guidelines by the supplier are followed. If supplier guidelines are absent or insufficient, third-party guidelines should be used.

OR:

The most recent version of the CIS Benchmarks is taken into account when configuring devices or operating systems. L1 controls are implemented. If a control cannot be implemented because of business reasons, the exclusion and its reason(s) are documented.