SOEs are used for workstations and servers.Ĭontrol: ISM-1608 Revision: 1 Updated: Mar-22 Applicability: All Essential Eight: N/A To reduce the likelihood of such occurrences, an organisation should endeavour to obtain their SOEs from trusted third parties while also scanning them for malicious code and configurations.Īs operating environments naturally change over time, such as patches or updates are applied, configurations are changed, and applications are added or removed, it is essential that SOEs are reviewed and updated at least annually to ensure that an up-to-date baseline is maintained.Ĭontrol: ISM-1406 Revision: 2 Updated: Aug-20 Applicability: All Essential Eight: N/A When SOEs are obtained from third parties, such as service providers, there are additional cyber supply chain risks that should be considered, such as the accidental or deliberate inclusion of malicious code or configurations. ![]() Conversely, a Standard Operating Environment (SOE), provided via an automated build process or a golden image, is designed to facilitate a standardised and consistent operating environment within an organisation. Such operating environments may assist an adversary in gaining an initial foothold on networks due to the higher likelihood of poorly configured or maintained workstations and servers. Standard Operating EnvironmentsĪllowing users to setup, configure and maintain their own workstations and servers can result in an inconsistent operating environment. Where supported, 64-bit versions of operating systems are used. The latest release, or the previous release, of operating systems are used.Ĭontrol: ISM-1408 Revision: 5 Updated: Dec-22 Applicability: All Essential Eight: N/A In addition, 64-bit versions of operating systems support additional security functionality that 32-bit versions do not.Ĭontrol: ISM-1407 Revision: 5 Updated: Dec-22 Applicability: All Essential Eight: M元 Using older releases of operating systems, especially those no longer supported by vendors, may expose an organisation to security vulnerabilities or exploitation techniques that have since been mitigated. This can make it more difficult for an adversary to craft reliable exploits for security vulnerabilities they discover. Newer releases of operating systems often introduce improvements in security functionality. Operating systems are chosen from vendors that have demonstrated a commitment to secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, secure programming practices, and maintaining the security of their products. This will assist not only with reducing the potential number of security vulnerabilities in operating systems, but also increasing the likelihood that timely patches, updates or vendor mitigations will be released to remediate any security vulnerabilities that are found.Ĭontrol: ISM-1743 Revision: 1 Updated: Mar-23 Applicability: All Essential Eight: N/A When selecting operating systems, it is important that an organisation preferences vendors that have demonstrated a commitment to secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible (such as C#, Go, Java, Ruby, Rust and Swift), secure programming practices, and maintaining the security of their products. ![]() Operating system hardening Operating system selection
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |