Configuration and hardening review against CIS-style baselines: services, permissions, logging, secrets handling, and default-credential exposure.
67 checks
Build-review checks that validate an operating system image against a recognized hardening baseline (CIS, DISA STIG, NIST SP 800-123): unnecessary software, account and authentication policy, and filesystem security.
Hardening review of the most commonly exposed application tiers: web servers, databases, and the elimination of default/insecure configuration shipped by vendors.
Review of authorization design and remote-access security: role-based least privilege, hardened administrative protocols (SSH/RDP), and host-based firewall posture.
Review of audit configuration, log integrity and retention, central log forwarding, and time synchronization that underpins reliable audit trails.
Review of cryptographic configuration and secret handling: TLS protocols and certificate management, secrets at rest and key management, and encryption of data at rest.