Task Create New Baselines¶

Conditions¶

Create baseline image(s) for the following(s) to meet the compliance against the NIST Moderate standards

All baseline image(s) must be checked to verify that no critical and high vulnerabilities exists in the image at the time of creation.
Run vulnerability analysis (Nessus preferred) of the image with the latest plugins.
This must include workstations, laptops, application servers, and domain controllers.
Use provided Security Content Automation Protocol Tool (SCAP) to achieve baseline image of 70% or greater SCAP score.

All created baseline images must be free of critical/high vulnerabilities AND have 70% or greater SCAP score.

Load/Install operating system to be used for creating baseline image.
Run security patches and recommended updates.
Ensure that the Vulnerability Scanner (Nessus) has the latest plugins and analyze the baseline image.
Identify and remediate all critical and high findings using the Nessus report(s) remediation guide.
Repeat this process until no critical and high vulnerabilities exist.
It is highly recommended that all vulnerabilities are reviewed and patched according to the agencys' security guidelines, including moderate and low vulnerabilities, to minimize attack surface.
Load Security Content Automation Protocol (SCAP) tool and scan the image. This process can be done on the image itself or via remote.
Review and remediate findings to further harden the image.
Repeat this process until 70% or better score is achieved.
Save image.
Test out new image in small sets in multiple departments prior to mass rollout.