module 113
Security Hardening Lifecycle: Maintaining An Integrated & Current Program
SECURITY HARDENING – LIFECYCLE
1. Harden IT Asset
2. Periodic Validation
3. Seek Updates On Hardening Benchmarks
4. Implement Additional Controls
5. Pursue Controls That May Require Additional Working
1: Harden IT Asset
Pursue the 8-step hardening methodology
2. Research on applicable security controls
3. Checklist of applicable controls
4. Document controls into SOP
5. Implement controls on test setup
8. Implement on PROD & monitor
2: Periodic Validation
Check periodically (every quarter) for changes to the established standard or baseline
3: Seek Updates On Hardening Benchmarks
• Benchmarks are periodically updated
• Subscribe to feeds from CIS, DISA, NIST NCP (National Checklist Program) Repository
4: Implement Additional Controls
• Update the security controls by studying the changes