cybersecurity
redfox
•
6mo ago
•
80%
Technical Controls
What sources of technical controls does your organization use?
Do you base device/operating system configurations on:
- CIS workbench?
- NIST/STIG?
- Microsoft best practice?
- Google searches and 'that looks good'?
How closely rigorously does your organization enforce change management for policies or settings?
- Can you change GPOs/Linux/Network device settings as needed?
- During maintenance window?
- After a group meeting with code/change review and some sort of approval authority?
Comments 3