SECURITY HARDENING - SECURE SOFTWARE IMAGES

• CIS 20 CRITICAL
SECURITY CONTROLS
• CONTROL 5, VERSION 7
• Secure Configuration
for Hardware and
Software on Mobile
Devices, Laptops,
Workstations and
Servers

1
SECURITY HARDENING - SECURE SOFTWARE IMAGES

5.1 Establish Secure

Configurations
• Maintain documented,
standard security
configuration standards
for all authorized
operating systems and
software.

2
SECURITY HARDENING - SECURE SOFTWARE IMAGES

5.2 Maintain Secure

Images
• Maintain secure images
or templates for all
systems in the
enterprise based on the
organization's approved
configuration standards.
Any new system
deployment or existing
system that becomes
compromised should be
3
SECURITY HARDENING - SECURE SOFTWARE IMAGES

5.2 Maintain Secure

Images
• …imaged using one of
those images or
templates.

4
SECURITY HARDENING - SECURE SOFTWARE IMAGES

5.3 Securely Store Master

Images
• Store the master images
and templates on
securely configured
servers, validated with
integrity monitoring
tools, to ensure that
only authorized changes
to the images are
possible.

5
SECURITY HARDENING - SECURE SOFTWARE IMAGES

5.4 Deploy System

Configuration
Management Tools
• Deploy system
configuration
management tools that
will automatically
enforce and redeploy
configuration settings to
systems at regularly
scheduled intervals.

6
SECURITY HARDENING - SECURE SOFTWARE IMAGES

5.5 Implement Automated

Configuration Monitoring
Systems
• Utilize a Security
Content Automation
Protocol (SCAP)
compliant configuration
monitoring system to
verify all security
configuration elements,
catalog approved
exceptions, and alert..
7
SECURITY HARDENING - SECURE SOFTWARE IMAGES

5.5 Implement Automated

Configuration Monitoring
Systems
• …when unauthorized
changes occur.

END