
Information Security Policy Development for Compliance
System Configuration and Hardening
Define the requirement and procedures that must be followed to configure newly installed network components securely.
ISO/IEC 27001
NIST SP 800-53 CM-6 L446
HIPAA Standard
PCI DSS V2.0 2.2 L447
AUP V5.0 I.3 L448
Describe the techniques used for network hardening (e.g., limiting unnecessary protocols and services, etc.).
ISO/IEC 27001
NIST SP 800-53
HIPAA Standard
PCI DSS V2.0 2.2.2 L449
AUP V5.0 I.3 L450
System Services Acquisition and Protection
Vendor and Third-Party Agreements
Describe the procedures that are followed, including a risk assessment that may be performed, ...