Standards Group:
YALE-MSS-5: Software Security
YALE-MSS-5.1: Utilize an industry-standard secure configuration method
Details
Review the secure configuration standard and make risk-based decisions when choosing not to apply specific controls. Document your decisions and review them regularly.
There are secure configuration standards available for most IT Systems. This includes hardware, software, and firmware.
Yale requires you to implement an industry-standard secure configuration method. When applicable, the CIS (Center for Internet Security) Benchmarks are Yale's preferred standard. For more information on the CIS benchmarks, visit: https://www.cisecurity.org/cis-benchmarks/.
An industry-standard secure configuration method aids the implementation of security best practices. Use an industry-standard configuration method tailored to your hardware, software, or firmware. This ensures you are meeting security best practices for your IT System.