Domain 4.1

Secure baselines

Standard secure system configurations

Establish

Create approved secure settings

Deploy

Apply secure configurations to systems

Maintain

Keep configurations updated and enforced

Hardening targets

Systems requiring security strengthening

Mobile devices

Portable computing devices

Workstations

User desktop or laptop systems

Switches

Network devices connecting devices in a LAN

Routers

Devices routing traffic between networks

Servers

Systems providing services or resources

ICS

Industrial systems controlling operations

IoT devices

Internet-connected smart devices

Wireless devices

Devices using wireless communication

Installation considerations

Factors reviewed before deployment

Site surveys

Assessment of wireless coverage area

Heat maps

Visual map of signal strength

Mobile solutions

Security for portable device environments

Mobile Device Management (MDM)

System managing and securing mobile devices

Deployment models

Device ownership strategies

Bring Your Own Device (BYOD)

Employees use personal devices for work

Corporate-Owned, Personally-Enabled (Cope)

Owned, Personally Enabled

Choose Your Own Device (CYOD)

Employee selects from approved devices

Connection methods

Ways devices connect to networks

Cellular

Mobile network data connection

Wireless security settings

Wireless protection configurations

WPA3

Latest Wi-Fi security protocol

RADIUS

protocol that provides centralized AAA

Cryptographic protocols

Rules for encrypted communication

Authentication protocols

Methods verifying identity

Application security

Protecting software from threats

Input validation

Checking user input for safety

Secure cookies

Protected browser cookies

Static code analysis

Reviewing source code for flaws

Code signing

Digitally verifying software integrity

Sandboxing

Running code in an isolated environment