RedFox@infosec.pub to

cybersecurity@infosec.pubEnglish · 3 months ago

Technical Controls

3

3

Technical Controls

RedFox@infosec.pub to

cybersecurity@infosec.pubEnglish · 3 months ago

3

What sources of technical controls does your organization use?

Do you base device/operating system configurations on:

CIS workbench?
NIST/STIG?
Microsoft best practice?
Google searches and ‘that looks good’?

How closely rigorously does your organization enforce change management for policies or settings?

Can you change GPOs/Linux/Network device settings as needed?
During maintenance window?
After a group meeting with code/change review and some sort of approval authority?

Chat

edric@lemm.ee
link
fedilink
English
arrow-up
2·
3 months ago
ISO27001 for policy development. CIS benchmarks for configuration. CIS controls for assessments. NIST for guidelines.
- RedFox@infosec.pubOP
  link
  fedilink
  English
  arrow-up
  1·
  3 months ago
  How far do you guys go?
  
  'All of it’s or until it’s inconvenient?
  
  What’s the pain tolerance for when everyone says it makes the job too hard?
  
  Ever compared CIS controls to STIG ACAP?
  
  I’ve only ever used SCAP for a few reasons z but one being it’s free.

cybersecurity@infosec.pub

cybersecurity@infosec.pub

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
210 users / week
344 users / month
1.68K users / 6 months
16 local subscribers
2.97K subscribers
372 Posts
1.23K Comments
Modlog