16.7: Use Standard Hardening Configuration Templates for Application Infrastructure¶
Use standard, industry-recommended hardening configuration templates for application infrastructure components. This includes underlying servers, databases, and web servers, and applies to cloud containers, Platform as a Service (PaaS) components, and SaaS components. Do not allow in-house developed software to weaken configuration hardening.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Applications |
Protect |
2, 3 |
Dependencies¶
Safeguard 4.1: Establish and Maintain a Secure Configuration Process
Safeguard 4.2: Establish and Maintain a Secure Configuration Process for Network Infrastructure
Inputs¶
GV1: Enterprise Asset InventoryGV37: Network infrastructure configuration standards
Operations¶
Use Input 1
GV1to identify and enumerate application infrastructure componentsGV50(M1)- For each infastructure component identified in Operation 1, check configurations using Input 2
GV37and determine if they meet industry recommended hardening configuraion standards Identify and enumerate infrastructure components that meet industry standards (M2)
Identify and enumerate infrastructure components that do not meet industry standards (M3)
- For each infastructure component identified in Operation 1, check configurations using Input 2
Measures¶
M1 = Count of application infrastructure components
M2 = Count of components that meet industry standards
M3 = Count of components that do not meet industry standards
Metrics¶
Compliance¶
Metric |
The percentage of application infrastructure components that meet
industry configuration standards
|
Calculation |
|