Information Security Guideline

Introduction

Hardening guides are meant to further enhance the levels of security for systems, applications, databases and devices by reducing the exposed attack surface of a product or service. Application of these guides requires some vigilance as they could also render systems, applications, or databases unusable for their intended purpose.
This guideline has been issued by the Chief Information Officer to supplement the Vulnerability Management standard. Compliance with this guideline is recommended, but not mandatory. Questions about this guideline may be referred to information.security@ubc.ca.

CIS Benchmarks are available via the Center for Internet Security (CIS) for the following technologies:

Technology	Available Categories/Guides
Operating Systems	Linux, Apple macOS, Microsoft Windows, UNIX, IBM, Oracle Solaris
Server Software	Web Server, Virtualization, Collaboration Servers, Database Server, DNS Server, Authentication Server
Cloud Providers	Alibaba Cloud, Amazon Web Services, Google Cloud Computing Platform, Google Workspace, IBM Cloud Foundations, Microsoft Azure, Oracle Cloud Infrastructure
Mobile Devices	Apple IoS, Google Android
Network Devices	Checkpoint Firewall, Cisco, Juniper, Palo Alto Networks
Desktop Software	Productivity software, web browsers
Multi-function Print Devices	Print devices

The CIS Benchmarks are configured into two categories: Level 1 & Level 2 controls:
1. Level 1 controls are generally safe settings that should be configured at a minimum on a server or a database, and should cause little or no interruption of service; and
2. Level 2 controls are recommended in highly secure environments and carry a higher risk of impacting services.
WordPress and Drupal are popular content management systems and are frequently targeted for attacks; as such it is recommended that the Securing WordPress and Securing Drupal guidelines be used in hardening and protecting WordPress and Drupal deployments.