Does your organization have a formal pre-deployment security hardening process for all systems, hardware, software, and services before they enter production?
Explanation
Hardening before go-live is the point of this item, namely whether you run a formal pre-deployment security hardening process for systems, hardware, software, and services entering production.
Proper pre-deployment hardening includes activities such as removing unnecessary services, applying security patches, configuring secure authentication, implementing least privilege access controls, and ensuring secure network configurations.As evidence, you could provide documentation of your pre-deployment security checklist, hardening standards for different system types, screenshots of configuration management tools, or sample security validation reports that must be completed before production deployment approval.
Implementation Example
Properly configure and secure systems, hardware, software, and services prior to their deployment in production
ID: ID.AM-08.142
Context
- Function
- ID: IDENTIFY
- Category
- ID.AM: Asset Management
- Sub-Category
- Systems, hardware, software, services, and data are managed throughout their life cycles
Related questions
- Does your organization maintain comprehensive inventories of all hardware assets, including IT equipment, IoT devices, operational technology (OT), and mobile devices?
- Does your organization implement automated network monitoring to detect new hardware and update inventory records in real-time?
- Does your organization maintain a comprehensive inventory of all software and services, including commercial, open-source, custom, API, and cloud-based applications?
- Does your organization implement continuous monitoring for software and service inventory changes across all platforms, including containers and virtual machines?
- Does your organization maintain a comprehensive inventory of all systems within your environment?
- Does your organization maintain documented baselines of expected network communication patterns and data flows for both wired and wireless networks?

