Guides
- DISA Security Technical Implementation Guides (STIGS)
- NIST Computer Resource Center National Checklist Program Repository
- Microsoft TechNet – Geek of All Trades: Automate Baseline Security Settings
- SANS Institute – Secure Configuration Management Demystified
- Center for Internet Security – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- NIST – National Checklist Program Repository
Example Tools
- Microsoft Security Compliance Manager
- Tenable Security Center
- NIST – SCAP Intro
- OSCAP
- Linux SCAP Workbench
- Center for Internet Security – Benchmarks
Sample Policy & Procedures
- SANS Institute – Server Security Policy
- SANS Institute – Router and Switch Security Policy
- Berkeley Information Security and Policy – Secure Device Configuration Guideline