Hardening Checklist

Please share a hardening checklist for Windows 2008, Windows 2012, Red Hat Linux and CentOS for an ISO 27001 audit.
shamnad Asked:

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
https://www.pivotpointsecurity.com/blog/iso-27001-checklist provides a starting point + they sum up the idea of a checklist clearly.

ISO-27001 is too complex to be boiled down to a simple checklist with boxes to check.

Some of the single line items can take months to implement + describe in sufficient detail for an auditor to verify.

I'd suggest you hire someone very familiar with ISO-27001 to assist you. You'll also require a great deal of time + patience + money to get to a point where you can pass an audit.

btan (Exec Consultant) Commented:
Consider the CIS benchmark; most of the time, it would have been referenced in the standards from CIS, NCP or the provider's security hardening.

Try the CIS benchmark site, where the OS is listed - https://www.cisecurity.org/cis-benchmarks/

Try the NCP link (category as operating system) and set the search string to the specific OS stated. You will see the baseline configuration (STIG-based standard). One example, for Windows 2008, is below:
https://nvd.nist.gov/ncp/repository?typeId=1&category=Operating+System&keyword=windows+2008+&startIndex=0
tfewster Commented:
Seconding btan's comment. The CIS benchmarks are free (free signup required) and widely regarded as industry best practice. They explain the potential configuration weaknesses for each OS, how to check for them and how to remediate them.

If you become a CIS member, you get access to the CIS-CAT scanning and automatic remediation tools. There are better (and much more expensive) vulnerability scanning and reporting tools commercially available, but I've not seen any others that can do the remediation work automatically.