PR.PS-01.239

Does your organization have a documented process for reviewing default configuration settings for security implications when installing or upgrading software?

Explanation

Default configurations in software often prioritize usability over security, potentially leaving systems vulnerable to attacks. This review process should identify and modify insecure default settings such as default credentials, unnecessary open ports, excessive permissions, or enabled but unneeded features that expand the attack surface. Evidence could include a formal configuration review checklist or procedure document, screenshots of configuration management tools, or documentation showing before/after configuration settings with security-focused changes highlighted during recent software deployments.

Implementation Example

Review all default configuration settings that may potentially impact cybersecurity when installing or upgrading software

ID: PR.PS-01.239

Context

Function
PR: PROTECT
Category
PR.PS: Platform Security
Sub-Category
Configuration management practices are established and applied

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub