662 MB | 3 files | PDF
This document makes recommendations for how users and developers should select checklists from the NIST National Checklist Repository, evaluate and test checklists, and apply them to IT products.
A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. The IT product may be commercial, open source, government-off-the-shelf (GOTS), etc.
Checklists can comprise templates or automated scripts, patch information, Extensible Markup Language (XML) files, and other procedures. Checklists are intended to be tailored by each organization to meet its particular security and operational requirements. Typically, checklists are created by IT vendors for their own products; however, checklists are also created by other organizations, such as academia, consortia, and government agencies. The use of well-written, standardized checklists can markedly reduce the vulnerability exposure of IT products. Checklists can be particularly helpful to small organizations and to individuals with limited resources for securing their systems.
This document is intended for users and developers of security configuration checklists. For checklist users, this document makes recommendations for how they should select checklists from the NIST National Checklist Repository, evaluate and test checklists, and apply them to IT products. For checklist developers, this document sets forth the policies, procedures, and general requirements for participation in the NIST National Checklist Program (NCP).
The attached zip file includes:
This table outlines the top needs of each stakeholder group that can help guide your conversations on priorities and needs for the GRC program. ... More >>
Whether you're looking to hire one or looking for a position yourself, use this detailed job description to find out what the role of a Technology Project Manager entails. ... More >>
Chapter 1 delves into the first four stages of systematic strategic planning, including clarifying current conditions, identifying competitive advantages, defining opportunities and developing strategies. ... More >>