Security hardening with benchmarks such as CIS, STIGs, and NIST
Benchmarks provide a great way for anyone to gain assurance about their own security efforts. Created by security experts worldwide, or led by security-mature government bodies such as NIST, benchmarks cover a whole range of systems, configurations, software, and more.
Hardening for security mostly boils down to the following:
- Agreeing on the minimal set of configuration settings that qualifies as a secure configuration. This is usually defined as a hardening benchmark or framework.
- Applying those settings to every aspect of the system that the configuration touches.
- Periodically measuring whether the application and system are still in line with the configuration, or whether there is any deviation.
- If a deviation is found, taking corrective action to fix it.
- If no deviation is found, logging that result.
- Since software is always being upgraded, staying on top of the latest configuration guidelines and benchmarks is essential.
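The steps above form one loop: define the baseline, apply it, measure, remediate any deviation, and log the outcome. The following Python script is an added example of that loop and is not code from the original text or from CIS, DISA, or NIST. The rule identifiers (EX-SSH-1 and so on), the benchmark rules themselves, and the sshd_config fragment are all constructed for illustration and are not taken from any published benchmark; a real run would load the rule set from the benchmark you have agreed on and read the live configuration file instead of an embedded string.

```python
"""Minimal hardening-benchmark checker: parse a config file, compare it with a
benchmark, report deviations, remediate them, re-check, and log the result.

The rules and the sshd_config text below are constructed for this example;
they are not an actual CIS, STIG, or NIST rule set.
"""
from dataclasses import dataclass
import json
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("hardening")


@dataclass(frozen=True)
class Rule:
    rule_id: str   # hypothetical identifier within our constructed benchmark
    key: str       # configuration directive to check
    expected: str  # value the benchmark requires (compared case-insensitively)
    default: str   # value the daemon assumes when the directive is absent


# Constructed benchmark, modelled on the style of SSH daemon checks.
BENCHMARK = [
    Rule("EX-SSH-1", "PermitRootLogin", "no", default="yes"),
    Rule("EX-SSH-2", "PasswordAuthentication", "no", default="yes"),
    Rule("EX-SSH-3", "X11Forwarding", "no", default="no"),
    Rule("EX-SSH-4", "MaxAuthTries", "4", default="6"),
]

# Constructed sample input: a deliberately non-compliant config fragment.
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
MaxAuthTries 6
"""


def parse_config(text):
    """Parse 'Key value' lines into a dict; the first occurrence of a key wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts
        settings.setdefault(key, value.strip())
    return settings


def check(settings, benchmark=BENCHMARK):
    """Measure: return deviations as (rule_id, key, actual, expected) tuples.
    A directive that is absent is judged by the daemon's default value."""
    findings = []
    for rule in benchmark:
        actual = settings.get(rule.key, rule.default)
        if actual.lower() != rule.expected.lower():
            findings.append((rule.rule_id, rule.key, actual, rule.expected))
    return findings


def remediate(text, findings):
    """Corrective action: rewrite every deviating directive to its expected value
    and append directives that were missing, leaving unrelated lines untouched."""
    fixes = {key: expected for _, key, _, expected in findings}
    applied = set()
    out = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and parts[0] in fixes:
            out.append(f"{parts[0]} {fixes[parts[0]]}")
            applied.add(parts[0])
        else:
            out.append(raw)
    for key, value in fixes.items():
        if key not in applied:  # directive relied on an insecure default
            out.append(f"{key} {value}")
    return "\n".join(out) + "\n"


def run_cycle(text, benchmark=BENCHMARK):
    """One measure -> remediate -> re-measure -> log cycle.
    Returns (findings_before, findings_after, remediated_text)."""
    before = check(parse_config(text), benchmark)
    if not before:
        log.info(json.dumps({"status": "compliant", "deviations": 0}))
        return before, before, text
    for rule_id, key, actual, expected in before:
        log.warning(json.dumps({"rule": rule_id, "key": key,
                                "actual": actual, "expected": expected}))
    fixed = remediate(text, before)
    after = check(parse_config(fixed), benchmark)
    log.info(json.dumps({"status": "remediated", "deviations": len(after)}))
    return before, after, fixed


if __name__ == "__main__":
    before, after, fixed = run_cycle(SAMPLE_CONFIG)
    print(f"{len(before)} deviation(s) found, {len(after)} remaining after remediation")
    print(fixed)
```

Two design points are worth noting. First, `check` scores a missing directive by the daemon's default rather than skipping it, because a benchmark item such as "root login disabled" is failed just as surely by an absent line as by an explicit `yes`. Second, `run_cycle` logs both the compliant and the remediated outcome as structured JSON, so the periodic measurement leaves an audit trail even when nothing had to change.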
The three...