
CFM-01 Baseline Configuration Standard

Control Description

The organization ensures that security hardening and baseline configuration standards have been established according to industry standards and are reviewed and updated periodically.

Theme: Process

Type: Preventive

Policy/Standard: Infrastructure Management Policy

Implementation Guidance

1. Security hardening and baseline configuration standards shall be prepared, established, and maintained.
2. Systems (systems can include AWS, Azure, GCP, and more) shall be configured with the baseline configuration.
3. Configure required permissions for the configuration management server.
4. Configuration of Security Groups, NACLs, and virtual firewall appliances shall be in place.
5. VPC Firewall Rules and virtual firewall appliances shall be configured to allow traffic from the configuration management server to the other system servers.
6. All production systems shall be able to demonstrate consistent system configurations via version control number, last update date, settings, or other.
7. A process shall be established to ensure that the latest version patch (hardened as per industry practices) is applied wherever possible.
8. Ensure that security hardening and configuration baselines are monitored and that deviations are flagged wherever they are observed.
9. Establish a process ensuring regular rule set reviews are conducted by relevant teams for network devices.

Testing Procedure

1. Validate whether security hardening and baseline configuration standards are established.
2. Inspect systems (systems can include AWS, Azure, GCP, and more) to determine whether they are configured with the baseline configuration.
3. Validate whether the required permissions are present for the configuration management server.
4. Inspect Security Groups, NACLs, and virtual firewall appliance configurations.
5. Validate whether VPC Firewall Rules and virtual firewall appliances are configured to allow traffic from the configuration management server to the other system servers.
6. Inspect production systems to determine whether they demonstrate consistent system configurations via version control number, last update date, settings, or other.
7. For a sample of in-scope servers, validate whether the latest version patch (hardened as per industry practices) is applied wherever possible.
8. Validate that security hardening and configuration baselines are monitored and that deviations are flagged wherever they are observed.
9. Validate that regular rule set reviews are conducted by relevant teams for network devices.

Audit Artifacts

Log Management
E-CFM-01
E-CFM-02
E-CFM-03
E-CFM-04
E-CFM-05

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
