Control 4 is looking for the secure configuration of your assets (end user devices including portable and mobile, network devices, IoT devices, and servers) and your software (operating systems and applications).

To establish and maintain a secure configuration process for your assets and software, we need to develop a comprehensive security policy outlining the requirements for secure configurations.

Conducting a thorough inventory of assets (Safeguard 1.1) and software (Safeguard 2.1), we will define secure configuration baselines, adhering to best practices and industry standards (like CIS Controls).

Automation tools should be utilized whenever possible to enforce these baselines, reducing human error.

You should prioritize strong authentication measures and implement a robust patch management system. Regular security reviews must be conducted, while comprehensive documentation be maintained and annually updated.

Employees are required to receive training to ensure compliance.

The policy and documentation should be reviewed promptly whenever significant changes occur or at minimum once a year.

Looking for a jump start - Download CIS's Secure Configuration Management Template at (https://lnkd.in/e4xYfNye)

I want to personally thank you for following along and if you learned something new or found this content to be valuable please like and share. Since I have started this journey I am seeing more education around CIS Security and its framework throughout the industry.