Executive Summary of Auditing IT Infrastructure Compliance
Align Auditing Frameworks for a Business Unit within the DoD
Align an IT Security Assessment to Achieve Compliance
Define a Process for Gathering Information Pertaining to a GLBA Compliance Audit
Auditing the Workstation Domain for Compliance
Auditing the LAN-to-WAN Domain for Compliance
Auditing the Remote Access Domain for Compliance
Auditing the Systems/Application Domain for Compliance
Align Auditing Frameworks for a Business Unit within the DoD
Windows hardening defense begins with the basics, such as granting the least amount of privilege within Active Directory. A firewall and antivirus are a must. Review blogs and sites for security issues and alerts. Check manufacturer sites for the latest patches and keep systems up to date. Create a patch policy and stick to it. Check patches as they are released and determine criticality based on the exploit, the threat footprint for your system, and whether or not there is a POC. Test patches before updating the entire network to ensure servers will still perform properly. Enable automatic updates for the OS. Servers should only be updated during maintenance windows.
A Security Technical Implementation Guide (STIG) is a compendium of DoD policies, security regulations, and best practices for securing IA and IA-enabled devices. The goals of a STIG are to provide intrusion avoidance, intrusion detection, security implementation guidance, and response and recovery.
DISA STIGs offer configuration guides and checklists for databases, operating systems, web servers, etc. They also provide standard findings and impact ratings: CAT I, CAT II, and CAT III. The first draft (Nov. 2006), first released July 2008, has 129 requirements covering program management, design and development, software configuration management, testing, and deployment. The ASD STIG applies to all DoD-developed,...
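As an added example (not part of the original paper and not DISA tooling), the script below shows how an auditor might roll up the findings from a STIG checklist into the CAT I/II/III impact ratings described above. The embedded XML is a constructed sample that imitates the layout of a STIG Viewer .ckl file (VULN elements holding VULN_ATTRIBUTE/ATTRIBUTE_DATA pairs plus a STATUS); the vulnerability ids, titles and statuses are made up for illustration, and the severity-to-CAT mapping (high = CAT I, medium = CAT II, low = CAT III) is the one DISA checklists use.

```python
"""Roll up open STIG checklist findings by DISA category (CAT I/II/III).

Added example, not part of the original paper or of DISA's STIG Viewer.
SAMPLE_CKL is a constructed checklist fragment; ids and titles are invented.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# DISA checklists record severity as high/medium/low; auditors report CAT I/II/III.
SEVERITY_TO_CAT = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}
CAT_ORDER = {"CAT I": 0, "CAT II": 1, "CAT III": 2, "UNKNOWN": 3}

# Constructed sample modelled on the .ckl structure (not a real checklist export).
SAMPLE_CKL = """<CHECKLIST>
  <STIGS><iSTIG>
    <VULN>
      <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-EXAMPLE-001</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>high</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Automatic updates must be enabled.</ATTRIBUTE_DATA></STIG_DATA>
      <STATUS>Open</STATUS>
    </VULN>
    <VULN>
      <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-EXAMPLE-002</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Host firewall must be enabled.</ATTRIBUTE_DATA></STIG_DATA>
      <STATUS>Open</STATUS>
    </VULN>
    <VULN>
      <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-EXAMPLE-003</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>low</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Logon banner must be configured.</ATTRIBUTE_DATA></STIG_DATA>
      <STATUS>NotAFinding</STATUS>
    </VULN>
    <VULN>
      <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-EXAMPLE-004</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Antivirus signatures must be current.</ATTRIBUTE_DATA></STIG_DATA>
      <STATUS>Not_Reviewed</STATUS>
    </VULN>
    <VULN>
      <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-EXAMPLE-005</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>high</ATTRIBUTE_DATA></STIG_DATA>
      <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Admin rights must follow least privilege.</ATTRIBUTE_DATA></STIG_DATA>
      <STATUS>Open</STATUS>
    </VULN>
  </iSTIG></STIGS>
</CHECKLIST>"""


def _vuln_record(vuln):
    """Flatten one VULN element into a dict keyed by its VULN_ATTRIBUTE names."""
    rec = {}
    for data in vuln.findall("STIG_DATA"):
        attr = (data.findtext("VULN_ATTRIBUTE") or "").strip()
        rec[attr] = (data.findtext("ATTRIBUTE_DATA") or "").strip()
    rec["Status"] = (vuln.findtext("STATUS") or "").strip()
    rec["Category"] = SEVERITY_TO_CAT.get(rec.get("Severity", "").lower(), "UNKNOWN")
    return rec


def parse_findings(ckl_xml):
    """Return a list of finding dicts for every VULN in the checklist text."""
    root = ET.fromstring(ckl_xml)
    return [_vuln_record(v) for v in root.iter("VULN")]


def open_findings_by_cat(findings):
    """Count findings with STATUS 'Open' per CAT rating (the audit headline)."""
    return Counter(f["Category"] for f in findings if f["Status"] == "Open")


def unreviewed(findings):
    """Checks nobody has looked at yet: the audit is not complete until these are gone."""
    return [f["Vuln_Num"] for f in findings if f["Status"] == "Not_Reviewed"]


def prioritized_open(findings):
    """Open findings ordered CAT I first, then by vulnerability id, for the POA&M."""
    opens = [f for f in findings if f["Status"] == "Open"]
    return sorted(opens, key=lambda f: (CAT_ORDER[f["Category"]], f["Vuln_Num"]))


if __name__ == "__main__":
    findings = parse_findings(SAMPLE_CKL)
    for cat, count in sorted(open_findings_by_cat(findings).items()):
        print(f"{cat}: {count} open")
    for f in prioritized_open(findings):
        print(f"  {f['Category']:7} {f['Vuln_Num']}  {f['Rule_Title']}")
    print("Not reviewed:", ", ".join(unreviewed(findings)) or "none")
```

On a real export the same functions apply unchanged; the point of keeping Not_Reviewed items separate is that a checklist with unreviewed controls cannot be reported as compliant, whatever its CAT I count says.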