Platform Security (PR.PS)
Much like how we identify our hardware and software, we must also maintain it. Patching is needed to resolve issues with software bugs and vulnerabilities. We should remove old hardware and software from the environment once they have reached their end of life. While we look at the removal of legacy software and systems, we also need to look at our software development life cycle to ensure that it is being maintained appropriately.
PR.PS-01
When we first receive an IT resource or go to install software, there are typically system defaults that accompany it. While system defaults provide ease of use when setting up a new device, not changing those defaults will introduce unwanted risks. We must change these defaults prior to placing the systems default into a production setting.
We have all seen and used system defaults before. Ever had to type in admin and password at an authentication...
