Hardening Checklist

shamnad
Please share a hardening checklist for Windows 2008, Windows 2012, Red Hat Linux and CentOS for an ISO 27001 audit.

Fractional CTO
Distinguished Expert 2018
Commented:
https://www.pivotpointsecurity.com/blog/iso-27001-checklist provides a starting point + they sum up the idea of a checklist clearly.

ISO-27001 is too complex to be boiled down to a simple checklist with boxes to check.

Some of the single line items can take months to implement + describe in sufficient detail for an auditor to verify.

I'd suggest you hire someone very familiar with ISO-27001 to assist you. You'll also require a great deal of time + patience + money to get to a point where you can pass an audit.

btan
Exec Consultant
Distinguished Expert 2018
Commented:
Consider the CIS benchmark, and most of the time, it would have been a reference on the standards from CIS, NCP or the provider security hardening.

Try the CIS benchmark site and OS is listed - https://www.cisecurity.org/cis-benchmarks/

Try the NCP link (category as operating system) and set the search string to the specific OS stated. You will see the baseline configuration (STIG based standard). One example of Windows 2008 below
https://nvd.nist.gov/ncp/repository?typeId=1&category=Operating+System&keyword=windows+2008+&startIndex=0

Seconding btan's comment. The CIS benchmarks are free (free signup required) and widely regarded as industry best practice. They explain the potential configuration weaknesses for each OS, how to check for them and how to remediate them.

If you become a CIS member, you get access to the CIS-CAT scanning and automatic remediation tools. There are better (and much more expensive) vulnerability scanning and reporting tools commercially available, but I've not seen any others that can do the remediation work automatically.
