Standards

Security Configuration Management (SCM) bases its checklists on the following authoritative standards.

Center for Internet Security
The Center for Internet Security (CIS) guidelines recommend technical control rules and values that are applicable to network devices, operating systems, software applications, and middleware applications. CIS guidelines are consensus-based and are used by the US government and by businesses in various industries.
The CIS guidelines are distributed for free in PDF format and are also available in Extensible Configuration Checklist Description Format (XCCDF) for CIS Security Benchmark members. XCCDF is an XML-based language that benchmark assessment tools and custom scripts consume.
For more information about CIS, see https://www.cisecurity.org/.
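As an added illustration of what an XCCDF consumer has to do (example code written for this page, not from the SCM product or from CIS), the following Python resolves which rules a profile actually selects in a small constructed benchmark: each Rule carries a default `selected` value, and the Profile's `select` elements override it.

```python
# Added example, not code from the page or from the SCM product: resolve
# which rules an XCCDF profile actually selects. Each <Rule> carries a
# default selected="true|false"; a <Profile> overrides defaults with
# <select idref=... selected=.../>. The benchmark text is constructed.
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
NS = {"x": XCCDF_NS}

SAMPLE_XCCDF = """
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Profile id="xccdf_example_profile_server">
    <select idref="xccdf_example_rule_pw_min_len" selected="true"/>
    <select idref="xccdf_example_rule_guest_disabled" selected="false"/>
  </Profile>
  <Group id="xccdf_example_group_accounts">
    <Rule id="xccdf_example_rule_pw_min_len" selected="false" severity="medium">
      <title>Minimum password length is 14</title>
    </Rule>
    <Rule id="xccdf_example_rule_guest_disabled" selected="true" severity="high">
      <title>Guest account is disabled</title>
    </Rule>
    <Rule id="xccdf_example_rule_lockout" selected="true" severity="low">
      <title>Account lockout threshold is set</title>
    </Rule>
  </Group>
</Benchmark>
"""


def selected_rules(xccdf_text, profile_id):
    """Return {rule_id: (title, severity)} for the rules a profile selects.
    Rule defaults apply unless the profile's <select> overrides them; rules
    may sit inside nested <Group> elements, so walk the whole tree."""
    root = ET.fromstring(xccdf_text)
    rules = {}
    for rule in root.iter("{%s}Rule" % XCCDF_NS):
        rules[rule.get("id")] = [
            rule.findtext("x:title", default="", namespaces=NS),
            rule.get("severity", "unknown"),
            rule.get("selected", "true") == "true",  # XCCDF default is true
        ]
    profile = root.find("x:Profile[@id='%s']" % profile_id, NS)
    if profile is None:
        raise ValueError("profile not found: " + profile_id)
    for sel in profile.findall("x:select", NS):
        if sel.get("idref") in rules:
            rules[sel.get("idref")][2] = sel.get("selected") == "true"
    return {rid: (title, sev) for rid, (title, sev, on) in rules.items() if on}
```

Real CIS and DISA benchmarks also use `refine-value` and `set-value` in profiles; this example handles only rule selection.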
Defense Information Systems Agency Security Technical Implementation Guidelines
The Defense Information Systems Agency (DISA) releases the Security Technical Implementation Guidelines (STIG). STIGs provide recommendations for the secure installation, configuration, and maintenance of software, hardware, and information systems. STIGs are one of the bases for the configuration standards that the US Department of Defense uses.
For more information about DISA and STIG, see http://www.disa.mil/.
Federal Desktop Core Configuration
The Federal Desktop Core Configuration (FDCC) is a set of security settings recommended by the National Institute of Standards and Technology (NIST). FDCC was replaced by the United States Government Configuration Baseline (USGCB).
Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is a baseline of technical and organizational requirements that are related to the Payment Card Industry.
You must establish a secure payments environment throughout your organization to achieve PCI DSS compliance. SCM enforces security configurations on the endpoints and servers in your organization, and can help your organization protect those endpoints and meet PCI DSS security compliance.
By complying with the PCI DSS standards you ensure that cardholder data and sensitive authentication data are secure and well protected from malicious users and attacks. The PCI DSS applies to all entities involved in payment card processing and requires continuous compliance with the security standards and best practices set by the PCI Security Standards Council.
For more information about PCI DSS, see the PCI Security Standards Council website at www.pcisecuritystandards.org/security_standards/ and the Payment Card Industry Data Security Standard (PCI DSS) User's Guide.
United States Government Configuration Baseline
The United States Government Configuration Baseline (USGCB) provides guidance for the security configuration of Information Technology products that are deployed by US government federal agencies. USGCB addresses the following platforms: Microsoft Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 7, Internet Explorer 8, and Red Hat Enterprise Linux 5.
USGCB replaced the Federal Desktop Core Configuration (FDCC).
For more information about USGCB, see http://usgcb.nist.gov/.
HIPAA Standards
HIPAA compliance is mandatory for organizations that handle Protected Health Information (PHI), including hospitals, healthcare providers, insurers, and associated businesses. A single security misconfiguration on a workstation can lead to data breaches, regulatory penalties, and operational risks. Ensuring that endpoints adhere to HIPAA security guidelines is critical for protecting patient data and maintaining regulatory compliance. The HIPAA Checklist for Windows Server addresses the following platforms: Windows Server 2016, 2019, and 2022. The HIPAA Checklist for Windows Workstation addresses Windows 10 and 11.
NIS2 Standards
The NIS2 Compliance Checklist is a specialized content pack designed to assess compliance against the technical requirements of Directive (EU) 2022/2555. This release aggregates relevant checks from widely recognized benchmarks (CIS) and maps them directly to the specific risk-management measures mandated by Article 21(2). This allows you to enforce security configurations and audit your environment against European cybersecurity standards. The NIS2 Checklist for Windows Server addresses the following platforms: Windows Server 2016, 2019, 2022, and 2025. The NIS2 Checklist for Windows Workstation addresses Windows 10 and 11. The NIS2 Checklist for RHEL addresses the following platforms: RHEL 7, 8, 9, and 10.
Universal Checklist
The Universal Checklist is a consolidated checklist designed to assess general-purpose compliance across all supported endpoint versions. The initial beta release is a collection of all the checks from the CIS and DISA benchmarks for all the supported versions. It allows you to enforce security configurations across your entire environment with a single action. The Universal Checklist for Windows Server addresses the following platforms: Windows Server 2016, 2019, 2022, and 2025. The Universal Checklist for Windows Workstation addresses Windows 10 and 11. The Universal Checklist for RHEL addresses the following platforms: RHEL 7, 8, 9, and 10.