What sources of technical controls does your organization use?
Do you base device/operating system configurations on:
- CIS workbench?
- NIST/STIG?
- Microsoft best practice?
- Google searches and ‘that looks good’?
How rigorously does your organization enforce change management for policies or settings?
- Can you change GPOs/Linux/Network device settings as needed?
- During maintenance window?
- After a group meeting with code/change review and some sort of approval authority?