A secure configuration is comprised of measures that are implemented when developing and installing computers and other devices in order to reduce vulnerabilities. Misconfigurations are one of the most common methods that malicious users use to attempt exploitation.
This article lists free and commercial tools that a company can use to help comply with CIS Controls 10 and 11. This document provides guidance on Microsoft security features and tools that can be used to harden Windows 10 Enterprise Edition. This is a summary page for the 140+ configuration guidelines for various technology groups to safeguard systems developed by CIS. CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. This article provides a description of the cybersecurity practice of whitelisting in terms of implementation, while weighing benefits and challenges. This document highlights and summarizes the types of choices, and the related decisions, that need to be made prior to starting the planning process. This article defines application whitelisting and describes how application whitelisting works. The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems. The STIGs contain technical guidance to “lock down” information systems/software that might otherwise be vulnerable to a malicious computer attack. This Microsoft support document provides general information and guidance for secure boot in Windows Operating systems. Microsoft support document providing overview and guidance for Trusted Platform Modules and how it is used for access control and authentication. The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications. NIST resource list providing guidelines on BIOS integrity and protection. NIST resource that defines requirements for implementation and assessment of security controls at alternate work sites, for example government facilities or private residence of the employees. NIST resource that defines the requirements employment of integrity verification tools to detect unauthorized changes to software, firmware, and information. Best practices for implementing hardened configurations on servers, OS, software, network, and databases. This is a security hardening guide for Red Hat Enterprise Linux 8, developed by Red Hat, Inc. This is a router and switch security policy provided by SANS. This document serves an example of the minimum requirements for security configuration for routers and switches. This is a presentation from a Splunk Conference on how to use splunk to assess and implement critical security control #3 which is secure configurations for hardware and software. This link provides various system hardening guides used by the University of Texas at Austin. Network Infrastructure Security, typically applied to enterprise IT environments, is a process of protecting the underlying networking infrastructure by installing preventative measures to deny unauthorized access, modification, deletion, and theft of resources and data. This is a video from CIS that covers secure configurations for hardware and software.
This Confluence page identifies the top 10 secure coding practices from the SEI CERT Coding Standards. This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3. This article defines defense in depth, and why it's required to protect data. The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171. This is a video from Qualys that shows how to assess a security configuration. This link provides various system hardening guides used by the University of Texas at Austin. This is UC Berkley’s secure device configuration guideline with adherence to their security policy mandate. This is an example of a how to assess a secure configuration. This white paper describes strategies to securely configure Industrial Control Systems.