NIST defines baseline configurations as a documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. (Source)
- This is a summary page for the 140+ configuration guidelines for various technology groups to safeguard systems developed by CIS.
- CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud.
- This article helps identify key controls that should be considered when establishing a secure configuration.
- This NIST Special Publication covers general guidelines for ensuring that security considerations are integrated into the configuration management process.
- Best practices for implementing hardened configurations on servers, OS, software, network, and databases.
- This SANS whitepaper focuses on monitoring Windows and Linux baselines.
- This is UC Berkeley's secure device configuration guideline with adherence to their security policy mandate.
- This is an example of how to assess a secure configuration.
- This guidance from US-CERT is intended for organizations seeking help in establishing a configuration and change management process and for organizations seeking to improve their existing configuration and change management process.
- Center for Internet Security – Benchmarks
This is a summary page for the 140+ configuration guidelines for various technology groups to safeguard systems developed by CIS.
- CMMC Level 1 Self-Assessment Guide
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1.
- CMMC Level 2 Assessment Guide
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
- CMMC Level 3 Assessment Guide
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3.
- Microsoft Security Compliance Toolkit
This blog covers the Microsoft Security Compliance Toolkit as a tool to audit security baselines. The toolkit is a set of tools produced by Microsoft so organizations can apply Microsoft-recommended security configurations to their environment.
- NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information
The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.
- North Carolina – Configuration Management Policy
This is a sample configuration management policy from the State of North Carolina that outlines the standards used for configuration management compliance.