INFRA-8 Host Hardening


What is INFRA-8 Host Hardening Control?

The host hardening control covers the means of protecting a system. The procedure gives employees step-by-step instructions for handling systems and performing actions such as renaming default accounts, changing default passwords, locking unnecessary ports and services, etc.

There is no formal way to document this, and there are no requirements as to what needs to be included. It is at the discretion of each organization to define which critical systems require step-by-step instructions.

Available tools in the marketplace

Tools
No tool recommendation is made for this section.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

Control implementation

To implement this control:

  1. Take an inventory of critical systems and determine whether each system requires a host hardening procedure.
    For systems that require this control, document a procedure using the provided template.

What evidence do auditors look for?

At a minimum, most auditors look for the suggested action below.

  1. Provide the most up-to-date host hardening procedures for one critical system.

Evidence example

For the suggested action, an example is provided below:

  1. Provide the most up-to-date host hardening procedures for one critical system.
    Upload a policy or procedure. Refer to the provided template as an example of evidence.
