
How to fulfil the requirement

Julkri: TL IV-I

TEK-10.2: System hardening - ensuring hardening throughout the entire life cycle

Task name: Maintaining system hardening
Theme: Development and cloud
Policy: Technical vulnerability management

This task also fulfils these other security requirements

  • TEK-10.2: System hardening - ensuring hardening throughout the entire life cycle (Julkri)
  • I-08: Principle of least functionality and least privilege – system hardening (Katakri 2020)

1. Task description

The validity and effectiveness of the hardening measures in use are maintained throughout the entire life cycle of the data system.

Task name: Ensuring system hardening
Theme: Technical cyber security
Policy: Network security

This task also fulfils these other security requirements

  • I08: System hardening (Katakri)
  • TEK-10: System hardening (Julkri)
  • TEK-10.2: System hardening - ensuring hardening throughout the entire life cycle (Julkri)
  • PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities. (CyFun)

1. Task description

Systems here mean servers, workstations, active network devices (firewalls, routers, switches, wireless base stations, etc.) and the like. Hardening means changing a system's settings so that its attack surface is reduced.

The organization has defined operating processes through which:

  • Only essential features, devices and services (in terms of usage and data processing requirements) are put into use. Unnecessary features are also removed at the BIOS level.
  • There is a procedure by which systems are installed systematically so that the end result is a hardened installation.
  • A hardened installation contains only those components and services, and those user and process rights, that are necessary to meet operational requirements and ensure security.
  • Software such as operating systems, applications and firmware is configured to collect the log information needed to detect misuse.
  • Booting the data system from an unknown device (any device other than the one defined as primary) is blocked.
  • Software (e.g. firmware, applications) is kept up to date.
  • Connections to the target, including management connections, are restricted, hardened, tied to an identified user and time-limited (session timeout).