NIST defines baseline configurations as a documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control...
Wireless access allows for non-wired connectivity to the Internet via a computer, mobile or electronic device. The following provides resources for implementing and assessing the security of enterprise wireless access. Implementation Assessment Aruba Networks –...
One of the most important, but overlooked part of security by organizations is physical security. Maintaining strong physical security is necessary to ensure your assets and data remain safe and secure. Implementation Assessment Cybersecurity & Infrastructure...
Authentication is verifying that an individual is who they claim to be. Authentication is typically performed by presenting a username (ID) and at least one private item that only the individual should know, most commonly, a password. The major concern when using...
Mobile device features are constantly changing, so it is difficult to define the term “mobile device”. However, as features change, so do threats and security controls, so it is important to establish a baseline of mobile device features. NIST provides the following...
Authorization is the mechanism to determine access levels or privileges related to information system resources including files, services, programs, data and applications. Implementation Assessment Boston University – Identity and Access Management PolicyA...
For an organization to implement a log review process, a formal logging policy must be established. This policy should require logging be enabled on all machines within an organization’s environment. Implementation Assessment BrightTalk – Detecting...
Log management is key to ensuring that computer logs and records are maintained in sufficient detail for an the appropriate period of time needed by an organization. Implementation Assessment DNSstuff – 10 Best Free and Open-Source SIEM ToolsThis article lists...
This section is intended to help organizations ensure confidentiality and integrity of data in transit. Implementation Assessment Amazon – How to protect data in transitThis article provides guidance on protecting data in transit in or out of the Amazon Web...
This section addresses secure design and architecture of the organization’s network from both management and operational perspectives Implementation Assessment Cisco – CLI Book 2: Cisco ASA Series Firewall CLI Configuration Guide, 9.4This is guidance for Cisco...
