Standards
Security Configuration Management bases its checklist on various authority standards.
- Center for Internet Security
- The Center for Internet Security (CIS) guidelines recommend technical control rules and values that are applicable to network devices, operating systems, software applications, and middleware applications. CIS guidelines are consensus-based and are used by the US government and businesses in various industries.
- Defense Information Systems Agency Security Technical Implementation Guidelines
- The Defense Information Systems Agency (DISA) releases the Security Technical Implementation Guidelines (STIG). STIG provides recommendations for secure installation, configuration, and maintenance of software, hardware, and information systems. STIG is one of the bases of the configuration standards that the US Department of Defense uses.
- Federal Desktop Core Configuration
- The Federal Desktop Core Configuration (FDCC) is a set of security settings that were recommended by the National Institute of Standards and Technology (NIST). FDCC was replaced by the United States Government Configuration Baseline (USGCB).
- Payment Card Industry Data Security Standard
- The Payment Card Industry Data Security Standard (PCI DSS) is a baseline of technical and organizational requirements that are related to the Payment Card Industry.
- United States Government Configuration Baseline
- The United States Government Configuration Baseline (USGCB) provides guidance for security configuration of Information Technology products that are deployed by US government federal agencies. USGCB addresses the following platforms: Microsoft Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 7, Internet Explorer 8, and Red Hat Enterprise Linux 5.