10-Step Security and Vulnerability Assessment Plan
Use this plan to ensure your information system controls are correctly implemented.
Written security policies are one thing, but they have to be backed up by other good practices and technical measures. When it comes to your critical IT products (the operating systems and applications you rely on for business), you have to make sure that they conform to those policies and to good security practices in general. Achieving, verifying and maintaining that conformance requires a standard security configuration that all IT products must possess.
Security configuration checklists can significantly reduce exposure of those critical IT products to vulnerabilities. When customized for a particular business environment, they ensure that software or other products are configured properly.
NIST, which is responsible for maintaining the National Checklist Repository, has published security configuration checklist guidelines that can help you create custom-tailored checklists for your organization. For checklist users, these guidelines provide recommendations on how to select appropriate checklists, test and evaluate them, and apply them to IT products. Checklist developers will find procedures, policies and requirements for participation in the National Checklist Program, in addition to helpful information about security threats and fundamental security practices.