16.7: Use Standard Hardening Configuration Templates for Application Infrastructure ========================================================= Use standard, industry-recommended hardening configuration templates for application infrastructure components. This includes underlying servers, databases, and web servers, and applies to cloud containers, Platform as a Service (PaaS) components, and SaaS components. Do not allow in-house developed software to weaken configuration hardening.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Applications | Protect | 2, 3 |
- Safeguard 4.1: Establish and Maintain a Secure Configuration Process
- Safeguard 4.2: Establish and Maintain a Secure Configuration Process for Network Infrastructure
GV1
: Enterprise Asset InventoryGV37
: Network infrastructure configuration standards
- Use Input 1
GV1
to identify and enumerate application infrastructure componentsGV50
(M1) - For each infastructure component identified in Operation 1, check configurations using Input 2
GV37
and determine if they meet industry recommended hardening configuraion standards - Identify and enumerate infrastructure components that meet industry standards (M2)
- Identify and enumerate infrastructure components that do not meet industry standards (M3)
- For each infastructure component identified in Operation 1, check configurations using Input 2
- M1 = Count of application infrastructure components
- M2 = Count of components that meet industry standards
- M3 = Count of components that do not meet industry standards
Metric | The percentage of application infrastructure components that meet industry configuration standards |
Calculation | M2 / M1 |