5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
PF v1.0 References:
Threats Addressed:
Control Statement
Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]
Subcontrols
5.1: Establish Secure Configurations
Maintain documented security configuration standards for all authorized operating systems and software.
5.2: Maintain Secure Images
Maintain secure images or templates for all systems in the enterprise based on the organization's approved configuration standards. Any new system deployment or existing system that becomes compromised should be imaged using one of those images or templates.
5.3: Securely Store Master Images
Store the master images and templates on securely configured servers, validated with integrity monitoring tools, to ensure that only authorized changes to the images are possible.
5.4: Deploy System Configuration Management Tools
Deploy system configuration management tools that will automatically enforce and redeploy configuration settings to systems at regularly scheduled intervals.
5.5: Implement Automated Configuration Monitoring Systems
Utilize a Security Content Automation Protocol (SCAP) compliant configuration monitoring system to verify all security configuration elements, catalog approved exceptions, and alert when unauthorized changes occur.