Security Configuration Baseline - Preparation Specification

Security Configuration Baseline

Preparation Specification V1.0

Chapter 1 Overview

1.1 Objectives and Scope

A baseline is the set of basic security requirements that provides the minimum level of security assurance. It serves as the standard for the initial installation and configuration of XXX's information systems, and it provides the criteria and operating instructions used for security assessment and hardening.

This specification guides the development of security baseline documents. It defines the scope of XXX's information system security baselines, the baseline document framework, the reference standards, and a sample baseline item.

1.2 References

"Regulations of the People's Republic of China on the Protection of Computer Information System Security"

"ISO 27001 standard / ISO 27002 guidelines"

"CIS Controls & Implementation Groups"

"CIS Benchmarks"

1.3 Terms and Definitions

None

Chapter 2 Document Framework

2.1 Document Hierarchy

Level 1 document: the security baseline preparation specification

Level 2 documents: the baseline configuration documents for each segment, and the baseline scoring table

Level 3 documents: the inspection result record form and the baseline inspection scoring table

2.2 Baseline Coverage

XXX's corporate security baselines are defined and refined according to the following five categories.

| Baseline category | Segment | Revision status |
| --- | --- | --- |
| Operating system | Microsoft Windows | 201912.v1 |
| Operating system | Linux | 201912.v1 |
| Server software | Web server | not initiated |
| Server software | Middleware | not initiated |
| Server software | Database | not initiated |
| Server software | Virtualization | not initiated |
| Network equipment | Switch & Router | not initiated |
| Network equipment | Firewalls | not initiated |
| Mobile devices | | not initiated |
| Cloud service | | not initiated |

The first phase of the project covers the operating system category: Microsoft Windows 10 (desktop), Windows Server and Linux Server.

2.3 Baseline Example

| Field | Content |
| --- | --- |
| Number (Format: Organization - Managed object - Document version - Class - Item) | XXX-MS_Win10-V1-1-1 |
| Control requirement | Rename the Administrator account; disable the Guest account |
| Operation guide | Start -> Run -> lusrmgr.msc, rename Administrator, disable Guest |
| Detection method | Start -> Run -> lusrmgr.msc, view the local users |
| Judgment criteria | The default Administrator account has been renamed and Guest is disabled |
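
One way to automate the detection method for item XXX-MS_Win10-V1-1-1, given here as an added example that is not part of the original specification. The function name, the output fields and the `DefaultNames` parameter are assumptions made for illustration; the built-in accounts are located by their well-known RIDs (500 and 501) instead of by name, so the check still finds them after a rename.

```powershell
# Added example: scripted check for baseline item XXX-MS_Win10-V1-1-1.
# Requires Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
function Test-BuiltinAccountBaseline {
    [CmdletBinding()]
    param(
        # Item number taken from the baseline example on this page.
        [string]$ItemId = 'XXX-MS_Win10-V1-1-1',
        # Assumption: English default name. Localized Windows builds use
        # other default names; add them here if they are in scope.
        [string[]]$DefaultNames = @('Administrator')
    )

    $users = Get-LocalUser

    # RID 500 = built-in Administrator, RID 501 = built-in Guest.
    # Matching on the SID works no matter what the account is called.
    $admin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $guest = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }

    $findings = @()
    if (-not $admin) {
        $findings += 'Built-in Administrator (RID 500) not found'
    } elseif ($admin.Name -in $DefaultNames) {
        $findings += 'Built-in Administrator still has its default name'
    }
    if (-not $guest) {
        $findings += 'Built-in Guest (RID 501) not found'
    } elseif ($guest.Enabled) {
        $findings += 'Built-in Guest account is enabled'
    }

    # One record per host, suitable for an inspection result record form.
    [pscustomobject]@{
        ItemId       = $ItemId
        Host         = $env:COMPUTERNAME
        AdminName    = $admin.Name
        GuestEnabled = $guest.Enabled
        Result       = if ($findings.Count -eq 0) { 'Pass' } else { 'Fail' }
        Findings     = $findings -join '; '
        CheckedAt    = (Get-Date).ToString('s')
    }
}

Test-BuiltinAccountBaseline | Format-List
```

The returned object can be piped to `Export-Csv` to collect results from several hosts into one record sheet.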


Origin www.cnblogs.com/xjcn/p/12105690.html