System Owner
Organisational mails
Applications that communicate with end-users do so from an organisational domain and an organisational email account.
Penetration Testing
Before go-live of new IT services, and after major updates and changes, a penetration test of their information security must be performed by a trusted security party. For externally...
Automated Application Vulnerability Scanning
The (web-)application is subject to automated vulnerability scanning at least once per quarter. Scanning is performed authenticated wherever possible.
Vulnerability Registration and Resolution
A system owner is responsible for maintaining a list of known vulnerabilities on the system, including the associated risk, when the vulnerability was reported, what resolution action was taken and...
Server and Application Infrastructure Not Shared
IT services run in their own virtual environments, so that vulnerabilities in one service cannot give access to other services. This means no multiple websites on the same web server unless they share...
Service Hardening
Services run under their own account with the minimal necessary privileges. Only necessary services run on production servers, and they are only accessible on necessary interfaces, enforced using host-based firewalls. All services...
Default Passwords Changed
Default passwords on any piece of hardware or software are changed before deployment.
Unintended Information Disclosure
Applications and services are configured not to display information that is unnecessary. Functionality is designed and configured to prevent enumeration of information.
Hardening Validation
IT systems have standard configurations that follow recommended hardening guidelines. Before new systems are taken into production, they are tested for adherence to the hardening guidelines. The standard images...
Baseline Configuration
Document a security configuration baseline for the system based on current best practices from vendors and desired functionality. The baseline must be updated at least annually. Use this baseline for...